CVE-2024-57662
Published: 14 January 2025
Description
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Security Summary
CVE-2024-57662 affects the sqlg_hash_source component of OpenLink Virtuoso Open-Source edition version 7.2.11. Crafted SQL statements reaching that component are reported to trigger a Denial of Service (DoS) condition. The weakness is classified as CWE-770 (Allocation of Resources Without Limits or Throttling), and the CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): the rating is High because the vector carries full Availability impact with no Confidentiality or Integrity impact.
Per the vector, exploitation needs only network access to a listener that accepts SQL, with low attack complexity, no privileges and no user interaction. Submitting crafted statements to the affected component exhausts resources, disrupting or crashing the instance. In a given deployment the practical exposure depends on which listeners accept queries from untrusted networks without credentials, so confirm what is reachable before relying on the PR:N assumption in either direction.
The GitHub issue at https://github.com/openlink/virtuoso-opensource/issues/1217 is the public reference for this CVE. Review it for the reproduction details, the maintainers' response and any fix commit, and check whether a release later than 7.2.11 addresses the issue before treating an upgrade as the remediation. Until a fix is confirmed for a deployment, limiting network access to the SQL and HTTP listeners and enforcing per-query resource and time limits where the server supports them reduce the impact of resource-exhaustion queries.
Details
- CWE(s)