Impact
An issue exists in the sqlo_natural_join_cond component of OpenLink Virtuoso OpenSource v7.2.11. The flaw allows an attacker to cause a denial of service by sending specially crafted SQL statements to the database. The result is a loss of availability for the database service, which can impact any applications that rely on it. The weakness is identified as resource exhaustion, classified under CWE-770.
Affected Systems
OpenLink Virtuoso OpenSource 7.2.11, specifically the sqlo_natural_join_cond component. No other vendors or product variants are listed. Users deploying this version should verify whether this component is in use in their environment.
Risk and Exploitability
No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating that it has not been widely observed in exploitation. The attack vector is inferred to be the ability to communicate with the database engine and submit malformed SQL, which would typically mean unauthenticated or weakly authenticated access to the database. Because the impact is a service disruption, the risk to affected systems is significant: an attacker who can reach the database interface can potentially interrupt the availability of critical services. The lack of an available patch or workaround in the official CNA data suggests that mitigation will rely on limiting exposure and monitoring for abnormal query activity.