CVE-2024-57664
Published: 14 January 2025
Description
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Security Summary
CVE-2024-57664 is a denial-of-service vulnerability in the sqlg_group_node component of OpenLink Virtuoso OpenSource version 7.2.11. The flaw allows attackers to trigger a DoS condition through specially crafted SQL statements, stemming from an issue classified under CWE-770 (Allocation of Resources Without Limits or Throttling). It carries a CVSS v3.1 base score of 7.5, reflecting its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impact on availability with no effects on confidentiality or integrity.
Remote attackers require no authentication or privileges to exploit this vulnerability over the network. By sending crafted SQL statements to a vulnerable Virtuoso instance, they can cause resource exhaustion, leading to service disruption or a crash of the affected component and thereby denying service to legitimate users.
The vulnerability is tracked in the official repository at https://github.com/openlink/virtuoso-opensource/issues/1211, where security practitioners can find additional details on the issue, potential workarounds, or patch status.
Details
- CWE(s)