CVE-2025-61028

An attacker with the ability to execute arbitrary SQL statements against a Virtuoso database can trigger a denial-of-service crash by running the provided `CREATE TABLE` and `INSERT` statements. The `INSERT` passes a huge integer (`72057594037927935`) and the string `'-675 seconds'` into a `DATE` column, causing `time_t_to_dt` to fault. No authentication beyond a valid SQL session is required, and the attack can be delivered over the network via the `isql` client against a Docker-hosted instance.

The crash occurs in the `time_t_to_dt` function (frame #0) when processing a crafted `INSERT` statement that supplies the value `'-675 seconds'` into a `DATE` column alongside a very large integer `72057594037927935`. The backtrace shows the call chain flows through `box_cast`, `box_cast_to`, `row_insert_cast`, and `ssl_insert_cast` before reaching `insert_node_run` and the SQL execution path.

The advisory does not include a published patch. The issue report [ref_id=1] documents the crash but no fix commit or vendor advisory is referenced. To remediate, the `time_t_to_dt` function would need to validate or sanitize the input values before performing the time conversion, rejecting out-of-range integers or malformed interval strings that cause a segmentation fault.

```sql CREATE TABLE v0 ( v1 DATE NULL ) ; INSERT INTO v0 ( v1 , v1 ) VALUES ( 72057594037927935 , '-675 seconds' ) ; ``` Save to `/tmp/test.sql`, then run: ``` docker container rm virtdb_test -f docker run --name virtdb_test -itd --env DBA_PASSWORD=dba pkleef/virtuoso-opensource-7 sleep 10 echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba ```