CVE-2024-57659

HighPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

17 April 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0027 50.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Security Summary

CVE-2024-57659 is a vulnerability in the sqlg_parallel_ts_seq component of OpenLink Virtuoso Open-Source version 7.2.11. The issue, associated with CWE-404 (Improper Resource Shutdown or Denial of Service), enables attackers to trigger a Denial of Service (DoS) condition by sending crafted SQL statements. It received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation results in a DoS, disrupting service availability without compromising confidentiality or integrity.

For mitigation details, security practitioners should review the GitHub issue at https://github.com/openlink/virtuoso-opensource/issues/1212, which documents the vulnerability.

Details

CWE(s): CWE-404

Affected Products

openlinksw

virtuoso

7.2.11

References

https://github.com/openlink/virtuoso-opensource/issues/1212
Exploit, Issue Tracking, Vendor Advisory · cve@mitre.org