Denial of Service via crafted SQL statements in sqlo_place_dt_set
Summary
An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. A flaw was found in openlink virtuoso-opensource. This vulnerability allows attackers to cause a Denial of Service (DoS) by sending specially crafted SQL statements to the `sqlo_place_dt_set` component. A successful exploit could make the service unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Red Hat rates this important; a fix erratum may not be out yet — apply the RHSA as soon as it publishes.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.