Description
An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Published: 2026-06-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the sqlo_place_dt_set component of OpenLink Virtuoso Open-Source version 7.2.11 allows attackers to craft specific SQL statements that trigger a denial of service. The flaw causes the database to exhaust resources or terminate unexpectedly, disrupting service availability, and is identified as a SQL injection style vulnerability (CWE-89) focused on availability rather than data exfiltration.

Affected Systems

The vulnerability affects OpenLink Virtuoso-OpenSource version 7.2.11, specifically the sqlo_place_dt_set component. No other affected product versions are indicated in the available data.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. The likely attack vector is remote, where an attacker sends crafted SQL statements to the exposed database interface, causing resource exhaustion or a crash if the database is reachable from untrusted networks.

Generated by OpenCVE AI on June 24, 2026 at 10:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict database access to trusted networks or hosts using firewalls and network segmentation.
  • Implement strict input validation and sanitization rules for SQL queries in the sqlo_place_dt_set component.
  • Apply application‑level rate limiting or anomaly detection to identify and block excessive or anomalous query activity.
  • Monitor database logs for repeated patterns of crafted queries indicative of exploitation attempts.

Generated by OpenCVE AI on June 24, 2026 at 10:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in Virtuoso Open-Source Database virtuoso-opensource: Openlink Virtuoso-opensource: Denial of Service via crafted SQL statements in sqlo_place_dt_set
References
Metrics threat_severity

None

threat_severity

Important


Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Openlink
Openlink virtuoso-opensource
Vendors & Products Openlink
Openlink virtuoso-opensource

Wed, 24 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in Virtuoso Open-Source Database

Wed, 24 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in OpenLink Virtuoso OpenSource

Wed, 24 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in OpenLink Virtuoso OpenSource

Tue, 23 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in Virtuoso OpenSource sqlo_place_dt_set

Tue, 23 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL Statements in Virtuoso OpenSource sqlo_place_dt_set

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
References

Subscriptions

Openlink Virtuoso-opensource
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-30T03:17:07.858Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61018

cve-icon Vulnrichment

Updated: 2026-06-30T02:42:55.806Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-23T00:00:00Z

Links: CVE-2025-61018 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:07:10Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')