Description
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Published: 2026-06-23
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the sqlo_key_part_best component of OpenLink Virtuoso OpenSource version 7.2.11 allows attackers to trigger a denial of service by submitting specially crafted SQL statements. It can cause the database engine to become unresponsive or temporarily unavailable, disrupting availability for applications that rely on the database.

Affected Systems

The vulnerability is present only in Virtuoso OpenSource version 7.2.11. No other affected versions are identified. The vendor is OpenLink, and the issue exists within the sqlo_key_part_best component.

Risk and Exploitability

The CVSS score is not provided, but the impact is a denial of service which can severely affect operations. The EPSS score is unavailable, so the likelihood of exploitation is unclear. The vulnerability is not listed in CISA’s KEV catalog, suggesting no widely known exploitation. Likely attack vectors include any SQL client or front‑end that sends queries to the database; the attacker only needs the ability to submit queries and does not require elevated privileges. Once triggered, the service may crash or hang, allowing an attacker to deny access. The effect is confined to the target database instance unless the vulnerability can be leveraged to affect other components or applications built atop the database.

Generated by OpenCVE AI on June 24, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Virtuoso OpenSource distribution to a version that includes the fix for sqlo_key_part_best or apply any vendor‑supplied patch that addresses this denial‑of‑service issue.
  • Limit exposure of the database by configuring the firewall or access control to allow connections only from trusted hosts or users, reducing the chance that an unauthenticated or compromised client can send malicious queries.
  • Enable database access logging and integrate alerting for abnormal query patterns or repeated unresponsive queries; monitor performance metrics and consider temporarily disabling public query interfaces until the vulnerability is fixed.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 01:15:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Crafted SQL Statements in Virtuoso sqlo_key_part_best
Weaknesses | | CWE-400

Tue, 23 Jun 2026 23:00:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Crafted SQL Statements in Virtuoso OpenSource sqlo_key_part_best
Weaknesses | | CWE-400

Tue, 23 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Crafted SQL Statements in Virtuoso OpenSource sqlo_key_part_best
Weaknesses | | CWE-400

Tue, 23 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-23T16:05:10.612Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61019

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T01:00:06Z

Weaknesses
  • CWE-400: Uncontrolled Resource Consumption