Cyber Posture

CVE-2024-57636

Severity: High · Public PoC

Published: 14 January 2025
Modified: 17 April 2025
KEV Added: none recorded
Patch: none recorded
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0029 (0.29%, 52.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Security Summary

CVE-2024-57636 is a vulnerability in the itc_sample_row_check component of OpenLink Virtuoso Open-Source version 7.2.11. Specially crafted SQL statements that reach this code cause a Denial of Service (DoS). It has been assigned CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, or SQL Injection) and a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The High rating rests entirely on the availability impact (A:H); confidentiality and integrity are both rated N. The CWE-89 label therefore describes the input vector (attacker-controlled SQL), not a data-disclosure or data-tampering outcome: the recorded effect is loss of availability.

The vector rates the attack as network-reachable with low complexity, requiring neither privileges nor user interaction. In practice, PR:N assumes the attacker can submit SQL to the server at all, which is the case for deployments that expose an unauthenticated query endpoint such as a public SPARQL endpoint; where every path to the SQL engine requires a login, the effective privilege requirement is higher and the score correspondingly lower. Successful exploitation makes the affected Virtuoso instance unavailable to legitimate users; no confidentiality or integrity impact is recorded.

Mitigation details and further discussion are in the upstream GitHub issue, https://github.com/openlink/virtuoso-opensource/issues/1194, opened 2025-01-14. No patch is recorded on this page, so operators of Virtuoso Open-Source 7.2.11 should check that issue for a fix or workaround; until one is applied, limiting which network sources and accounts can submit queries to the instance reduces exposure.

Details

CWE(s): CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)

Affected Products

Vendor: openlinksw
Product: virtuoso
Version: 7.2.11

References

https://github.com/openlink/virtuoso-opensource/issues/1194