Description
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Published: 2026-06-23
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The time_t_to_dt component in Virtuoso OpenSource version 7.2.11 can be triggered by specially crafted SQL statements. When invoked, the component causes the database server to crash, resulting in a loss of availability for any services that rely on the database. The flaw is a logical error that does not directly expose data or modify contents, but its primary consequence is a denial of service.

Affected Systems

openlink virtuoso-opensource (version 7.2.11). No other affected versions are mentioned in the advisory.

Risk and Exploitability

No CVSS score is provided and the vulnerability is not listed in CISA KEV, indicating no confirmed exploits at present. The EPSS score is unavailable, so the likelihood of exploitation cannot be quantified. The attack vector is inferred to be remote via the database interface, requiring the ability to submit malicious SQL statements. If authentication controls or network access are weak, the risk of exploitation increases. A successful exploitation would terminate the database process, causing a temporary or prolonged outage.

Generated by OpenCVE AI on June 24, 2026 at 00:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Virtuoso patch or upgrade to a release that resolves the time_t_to_dt bug.
  • Restrict database access to trusted networks or enforce firewall rules to limit connections from untrusted sources.
  • Implement automated monitoring and restart mechanisms to quickly recover the database service after a crash.

Generated by OpenCVE AI on June 24, 2026 at 00:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL in Virtuoso OpenSource time_t_to_dt
Weaknesses CWE-400

Tue, 23 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL in Virtuoso OpenSource time_t_to_dt
Weaknesses CWE-770
CWE-89

Tue, 23 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted SQL in Virtuoso OpenSource time_t_to_dt
Weaknesses CWE-770
CWE-89

Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-23T16:12:07.672Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61028

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T00:15:09Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption