CVE-2024-57641

Vulnerability

A denial-of-service vulnerability exists in the sqlexp component of OpenLink Virtuoso Open-Source version 7.2.11. The issue is triggered by executing a specific crafted sequence of SQL statements involving DECIMAL types, subqueries with CASE WHEN, division by zero, and complex ORDER BY clauses. The PoC provided shows that the server crashes with a stack smashing error when processing these statements [1].

Exploitation

An attacker who can execute arbitrary SQL statements against a Virtuoso instance (e.g., via isql with any valid user credentials) can send the crafted query sequence. The steps involve creating a table, inserting specific values, and running a complex INSERT ... SELECT statement with nested arithmetic operations and division by zero. The crash occurs during query parsing or execution, without requiring any special privileges beyond the ability to run SQL commands [1].

Impact

Successful exploitation causes a denial of service (DoS) by crashing the Virtuoso server process. The stack smashing indicated by the error suggests memory corruption, potentially affecting other processes on the same machine. The service becomes unavailable until restarted, leading to disruption of database operations [1].

Mitigation

As of publication (2025-01-14), no official fix has been released for this vulnerability in Virtuoso Open-Source 7.2.11. The issue is confirmed reproducible on the latest branch [1]. Users should monitor the vendor's repository for a patched version. If immediate mitigation is needed, consider restricting SQL execution privileges to trusted users only, or using a Web Application Firewall (WAF) to filter suspicious query patterns.