CVE-2024-57641
Published: 14 January 2025
Description
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Security Summary
CVE-2024-57641 is a vulnerability in the sqlexp component of OpenLink Virtuoso OpenSource version 7.2.11. The issue allows attackers to cause a Denial of Service (DoS) condition through crafted SQL statements. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and is associated with CWE-89 (SQL Injection). The vulnerability was published on 2025-01-14.
The vulnerability is exploitable remotely over the network with low attack complexity, and the attacker needs no privileges, authentication, or user interaction. Successful exploitation leads to the DoS condition described above; the CVSS metrics indicate high integrity impact but no confidentiality or availability impact.
Mitigation details are available in the GitHub issue tracker at https://github.com/openlink/virtuoso-opensource/issues/1183.
Details
- CWE(s)