Impact
An issue in the t_set_push component of the Virtuoso OpenSource database (v7.2.11) allows attackers to trigger a Denial of Service by submitting specially crafted SQL statements. The flaw leads to the database engine becoming unresponsive or crashing, disabling legitimate database operations for applications that depend on the instance and resulting in a loss of availability. The weakness stems from a SQL injection vulnerability (CWE-89).
Affected Systems
Vulnerable systems are installations of Openlink Virtuoso OpenSource version 7.2.11. No other vendors or product variants are identified from the available data.
Risk and Exploitability
The vulnerability can be exploited by transmitting malicious SQL to the t_set_push handler. Precise attack prerequisites are not listed, but it is inferred that network access to the database server is required. The CVSS score of 7.5 indicates moderately high severity, while the EPSS score of < 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, so no indications of active exploitation are known.
OpenCVE Enrichment