Impact
An issue in the sqlo_tb_col_preds component of OpenLink Virtuoso OpenSource version 7.2.11 allows attackers to cause a denial of service by sending specially crafted SQL statements. The vulnerability is classified under CWE‑89 and does not expose confidentiality or integrity, but it can render the database service unusable.
Affected Systems
The flaw affects the OpenLink Virtuoso OpenSource database engine, specifically version 7.2.11. No other vendors or product versions are mentioned in the available data.
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalogue, indicating that it has not yet become a widely exploited threat. With a CVSS score of 7.5, the vulnerability is considered high severity. The attack vector is inferred to be remote, as the malicious SQL must be transmitted to the database server via a network connection. If successfully executed, the attacker can disrupt service availability, but there is no evidence of privilege escalation or data exfiltration.
OpenCVE Enrichment