Impact
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements, leading to a database crash. The flaw involves a logical error in date conversion that can be triggered by malicious queries, and is classified as CWE-770 (Uncontrolled Resource Consumption) and CWE-89 (SQL Injection).
Affected Systems
openlink virtuoso-opensource (version 7.2.11). No other affected versions are mentioned. The vulnerability is specific to this release.
Risk and Exploitability
The CVSS score of 7.5 classifies this vulnerability as high severity. The EPSS score of <1% indicates a very low likelihood of exploitation and it is not listed in the CISA KEV catalog, so no known public exploits exist. Attackers would need to send specially crafted SQL statements through the database interface, which is likely remote; if network exposure or authentication controls are weak, the risk increases. A successful exploit would terminate the database process, causing temporary or prolonged outage.
OpenCVE Enrichment