Impact
The issue resides in the sqlo_untry component of OpenLink Virtuoso OpenSource 7.2.11. This vulnerability, identified as CWE-89, enables an attacker to trigger a denial of service by submitting crafted SQL statements. The resulting service disruption renders the database unavailable to legitimate users, potentially impacting business operations and applications dependent on the database.
Affected Systems
This vulnerability affects systems running OpenLink Virtuoso OpenSource version 7.2.11. No other products or versions are explicitly identified as impacted, and newer releases may include a fix. Users deploying this exact release should consider remediation actions promptly.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity impact. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker must be able to interact with the database interface—either through an exposed SQL endpoint or an authenticated session—to deliver the malicious query. Successful exploitation results in a denial of service of the database server, potentially affecting all applications relying on it.
OpenCVE Enrichment