Impact
The st_compare component within OpenLink Virtuoso OpenSource version 7.2.11 contains a flaw that allows an attacker to craft specific SQL statements. When these statements target st_compare, the database engine may consume excessive resources or crash, interrupting service. This weakness is classified as a resource exhaustion vulnerability and is associated with the CWE‑89 identifier.
Affected Systems
OpenLink Virtuoso OpenSource version 7.2.11 is the only explicitly listed affected release. No other versions or package variants appear to be impacted based on the current advisory. Administrators should confirm deployment of this exact version and determine whether a patch or upgrade is required.
Risk and Exploitability
The vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates a high severity, while the EPSS score of <1% suggests a low exploitation probability at this time. Successful exploitation would cause a Denial of Service by exhausting system resources or crashing the database. The risk is higher in environments where the database is exposed to unauthenticated or poorly authenticated users, or where untrusted input can reach the st_compare component. Monitoring for abnormal query patterns or resource usage spikes is advisable to detect attempted exploitation.
OpenCVE Enrichment