VYPR
Unrated severity · NVD Advisory · Published Jan 14, 2025 · Updated Jan 17, 2025

CVE-2024-57642

Description

An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crafted SQL statements cause a crash in OpenLink Virtuoso v7.2.11 via the dfe_inx_op_col_def_table component, leading to denial of service.

Vulnerability

The vulnerability resides in the dfe_inx_op_col_def_table function of OpenLink Virtuoso Open-Source version 7.2.11 [1]. A crafted SQL statement, as demonstrated by the proof-of-concept (PoC) in the cited reference, triggers a segmentation fault when executed, crashing the database server [1]. The PoC uses an UPDATE statement containing a nested subquery that references a view whose IN clause combines invalid data types with complex predicates [1]. Affected versions include v7.2.11, and the issue has been reproduced in a beta Docker image [1].

Exploitation

An attacker able to execute arbitrary SQL statements against the Virtuoso database can exploit this vulnerability by submitting a specifically crafted query [1]. The PoC creates a table and a view, then executes an UPDATE statement that triggers the crash [1]. No authentication beyond standard SQL access is required, and no user interaction beyond the initial query submission is needed [1]. The crash occurs during the optimization and execution of the nested query, as shown by the call stack in the backtrace [1].

Impact

Successful exploitation results in a denial of service (DoS) condition, as the Virtuoso server process crashes and becomes unavailable [1]. This disrupts database services and any applications relying on it until the server is manually restarted [1]. There is no indication of data corruption or privilege escalation from this crash alone [1].

Mitigation

As of the publication date (2025-01-14), no official fix has been released for this vulnerability in OpenLink Virtuoso Open-Source v7.2.11 [1]. Users are advised to monitor the project's issue tracker and repository for patches and, as a workaround, to restrict which clients can execute arbitrary SQL against the server or to validate SQL input before it is executed [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0

No linked articles in our index yet.