Denial of Service in st_compare component via crafted SQL statements
Summary
An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. A flaw was found in virtuoso-opensource. An attacker could exploit a vulnerability in the `st_compare` component by sending specially crafted SQL statements. This could lead to a Denial of Service (DoS), making the service unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Red Hat rates this important; a fix erratum may not be out yet — apply the RHSA as soon as it publishes.
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.