Impact
A flaw in the sqlo_try_in_loop component of openlink virtuoso-opensource version 7.2.11 allows an attacker to send crafted SQL statements that cause the database server to hang and become unresponsive. This is an example of uncontrolled resource consumption caused by unchecked input (CWE-606), and it also provides a vector for SQL injection (CWE-89). The outcome is loss of service availability for any applications relying on the database, potentially disrupting business operations.
Affected Systems
The openlink virtuoso-opensource product version 7.2.11 is affected. No other versions or distributions are listed in the provided data.
Risk and Exploitability
The CVSS score is 7.5, no EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. The likely attack vector is any client that can send SQL commands to the connection to the Virtuoso engine. The impact is limited to service availability, with confidentiality and integrity remaining intact. The severity suggests that a successful attack could disrupt applications that rely on the database and could be mitigated by limiting access or applying a patch.
OpenCVE Enrichment