Impact
An issue in the sqlo_place_dt_set component of OpenLink Virtuoso Open-Source version 7.2.11 allows attackers to craft specific SQL statements that trigger a denial of service. The flaw causes the database to exhaust resources or terminate unexpectedly, disrupting service availability, and is identified as a SQL injection style vulnerability (CWE-89) focused on availability rather than data exfiltration.
Affected Systems
The vulnerability affects OpenLink Virtuoso-OpenSource version 7.2.11, specifically the sqlo_place_dt_set component. No other affected product versions are indicated in the available data.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. The likely attack vector is remote, where an attacker sends crafted SQL statements to the exposed database interface, causing resource exhaustion or a crash if the database is reachable from untrusted networks.
OpenCVE Enrichment