CVE-2024-57643

CVE-2024-57643 is a denial-of-service vulnerability in the box_deserialize_string component of OpenLink Virtuoso OpenSource version 7.2.11. The flaw allows attackers to trigger a DoS condition through specially crafted SQL statements, as documented with CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The vulnerability received a CVSS v3.1 base score of 7.5, reflecting its high severity due to the potential for significant availability impact.

Remote attackers can exploit this vulnerability over the network with low complexity and no required privileges or user interaction. Unauthenticated adversaries need only send malicious SQL statements to the affected Virtuoso instance, resulting in a crash or resource exhaustion that disrupts service availability without impacting confidentiality or integrity.

The primary reference for this issue is a GitHub issue tracker entry at https://github.com/openlink/virtuoso-opensource/issues/1181, which likely contains additional details on reproduction, analysis, or potential patches, though specific mitigation steps are not detailed in the CVE publication. Security practitioners should monitor the Virtuoso project for updates and consider restricting SQL input validation or upgrading to patched versions if available.