Impact
The vulnerability resides in the sqlo_strip_in_join component of OpenLink Virtuoso Open Source version 7.2.11. When an attacker submits specially crafted SQL statements, the component fails to properly validate or sanitize the input, causing the database engine to enter an abnormal state or consume excessive resources. This results in a loss of availability for the database service and any applications that depend on it.
Affected Systems
OpenLink Virtuoso Open Source version 7.2.11 is the only version explicitly documented as affected. No other products, vendors, or versions have been identified in the current data.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity, though the EPSS score is not available, so the exact likelihood of exploitation is unknown. The vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread exploitation has been recorded. The attack vector is inferred to be remote: an attacker would need network access to the database’s interface to send malformed SQL queries.
OpenCVE Enrichment