Impact
An issue in the sqlo_key_part_best component of Virtuoso OpenSource version 7.2.11 allows attackers to trigger a denial of service by submitting specially crafted to CWE-89, indicating problems with input validation and potential SQL injection. The database engine can become unresponsive or temporarily unavailable, disrupting availability for applications that rely on the database.
Affected Systems
This vulnerability affects Virtuoso OpenSource version 7.2.11. The problem resides in the sqlo_key_part_best component. No other versions or products are currently known to be impacted.
Risk and Exploitability
The CVSS score of 7.5 indicates moderate severity, while the EPSS score of <1% shows a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, meaning no known widespread exploitation. Based on the description, it is inferred that the attacker only needs the ability to submit queries and does not require elevated privileges. Likely attack vectors include any SQL client or front‑end that sends queries to the database; once triggered, the service may crash legitimate users. The effect is confined to the affected database instance unless it is leveraged to compromise other components or applications built on top of the database.
OpenCVE Enrichment