Impact
Crafted SQL statements targeting the sslr_qst_get component in OpenLink Virtuoso OpenSource version 7.2.11 cause the database server to crash or stop responding, resulting in a denial of service. The underlying weakness is an input validation failure that allows malformed queries to be processed, either exhausting server resources or triggering a fatal error. Although this flaw does not expose data or enable code execution, its effect—unavailability of database services—can disrupt business operations.
Affected Systems
The only affected product listed is OpenLink Virtuoso‑OpenSource version 7.2.11. The vulnerability applies to deployments that expose the sslr_qst_get interface to external or internal clients.
Risk and Exploitability
The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, indicating no publicly known exploits. Based on the description, it is inferred that any client capable of sending crafted SQL to the sslr_qst_get endpoint can trigger the problem, potentially over the network or within the local network. With a CVSS score of 7.5, the risk is moderate‑to‑high; the lack of known active exploits lowers the immediate likelihood, but the availability impact remains significant.
OpenCVE Enrichment