CVE-2024-57658
Published: 14 January 2025
Description
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Security Summary
CVE-2024-57658 is a vulnerability affecting the sql_tree_hash_1 component in OpenLink Virtuoso OpenSource version 7.2.11. The issue enables attackers to trigger a Denial of Service (DoS) condition through specially crafted SQL statements. It is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction, and with low attack complexity. Successful exploitation results in a DoS, disrupting service availability by crashing the affected Virtuoso instance, while confidentiality and integrity remain unaffected.
The primary reference for this vulnerability is the GitHub issue at https://github.com/openlink/virtuoso-opensource/issues/1209, which provides additional details from the OpenLink project. Security practitioners should consult that issue for any recommended mitigations or patches.
Details
- CWE(s)