Denial of Service via crafted SQL statements
Summary
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. A flaw was found in the virtuoso-opensource component. An attacker could exploit this vulnerability by sending specially crafted SQL statements, leading to a Denial of Service (DoS) condition. This could make the affected system unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- Red Hat rates this important; a fix erratum may not be out yet — apply the RHSA as soon as it publishes.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.