CVE-2024-57647

HighPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

17 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score 0.0040 60.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Security Summary

CVE-2024-57647 is a vulnerability in the row_insert_cast component of OpenLink Virtuoso Open-Source version 7.2.11. The issue allows attackers to cause a Denial of Service (DoS) condition via crafted SQL statements. It is classified under CWE-89 (SQL Injection) with a CVSS v3.1 base score of 7.5, reflecting network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and without requiring user interaction. Successful exploitation enables a DoS condition through specially crafted SQL statements targeting the row_insert_cast component.

Mitigation details are available in the referenced GitHub issue at https://github.com/openlink/virtuoso-opensource/issues/1207.

Details

CWE(s): CWE-89

Affected Products

openlinksw

virtuoso

7.2.11

References

https://github.com/openlink/virtuoso-opensource/issues/1207
Exploit, Issue Tracking, Vendor Advisory · cve@mitre.org