CVE-2024-57615

7.5 HIGH

📋 TL;DR

This vulnerability in the BATcalcbetween_intern component of MonetDB Server allows an attacker who can execute crafted SQL statements to cause a denial of service. It affects all systems running vulnerable versions of MonetDB Server and can disrupt database operations.

💻 Affected Systems

Products:
  • MonetDB Server
Versions: v11.47.11 (specific version mentioned; check if other versions are affected)
Operating Systems: All platforms running MonetDB
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in a core SQL processing component, so all configurations using the affected version are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database service disruption requiring restart, potentially affecting all applications dependent on the database.

🟠

Likely Case

Temporary service degradation or crash affecting database availability until manual intervention.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting who can execute SQL queries.

🌐 Internet-Facing: HIGH if database is exposed to untrusted networks, as SQL injection can be triggered remotely.
🏢 Internal Only: MEDIUM as authenticated users or compromised internal systems could still trigger the DoS.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to execute SQL statements, suggesting authenticated access or SQL injection via application layer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check MonetDB releases after v11.47.11 for fix

Vendor Advisory: https://github.com/MonetDB/MonetDB/issues/7413

Restart Required: No

Instructions:

1. Check the current MonetDB version.
2. Update to the patched version via package manager or from source.
3. Verify the fix with test queries.

🔧 Temporary Workarounds

Restrict SQL Execution

Limit database user permissions to prevent execution of arbitrary SQL statements.

REVOKE EXECUTE ON PROCEDURE BATcalcbetween_intern FROM public;
GRANT EXECUTE ON PROCEDURE BATcalcbetween_intern TO trusted_users_only;

🧯 If You Can't Patch

  • Implement network segmentation to restrict database access to trusted applications only.
  • Deploy web application firewall (WAF) to filter malicious SQL patterns at application layer.

🔍 How to Verify

Check if Vulnerable:

Check the MonetDB version: if it is v11.47.11, assume it is vulnerable. Test with controlled SQL queries that exercise BETWEEN operations.

Check Version:

monetdbd get version

Verify Fix Applied:

After update, test with same SQL queries that previously caused DoS; service should remain stable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages related to BATcalcbetween_intern
  • Database crash logs or restart events

Network Indicators:

  • High volume of SQL queries with BETWEEN clauses from single sources

SIEM Query:

source="monetdb.log" AND ("BATcalcbetween_intern" OR "crash" OR "segfault")
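The log and network indicators above can be checked offline against exported log lines. The script below is an added example, not part of this advisory or the MonetDB project: it applies the SIEM query terms to each line and counts BETWEEN queries per client. The log line format, the client= field and the threshold of three queries are constructed assumptions for the sample, not MonetDB's real log layout.

```python
"""Added example (not from the advisory or MonetDB): apply the advisory's
log and network indicators to constructed MonetDB-style log lines."""
import re
from collections import Counter

# Terms taken from the advisory's SIEM query
LOG_INDICATORS = ("BATcalcbetween_intern", "crash", "segfault")
# Constructed threshold: flag a client issuing more BETWEEN queries than this
BETWEEN_THRESHOLD = 3

# Constructed sample lines; the layout is an assumption, not MonetDB's real format
SAMPLE_LOG = """\
2025-01-10T10:00:01 client=10.0.0.5 query="SELECT * FROM t WHERE x BETWEEN 1 AND 5"
2025-01-10T10:00:02 client=10.0.0.5 query="SELECT * FROM t WHERE x BETWEEN 1 AND 5"
2025-01-10T10:00:03 client=10.0.0.5 query="SELECT * FROM t WHERE x BETWEEN 1 AND 5"
2025-01-10T10:00:04 client=10.0.0.5 query="SELECT * FROM t WHERE x BETWEEN 1 AND 5"
2025-01-10T10:00:05 client=10.0.0.9 query="SELECT count(*) FROM t"
2025-01-10T10:00:06 mserver5: error in BATcalcbetween_intern
2025-01-10T10:00:07 systemd: monetdbd.service: main process exited, segfault
"""

# Extract the (assumed) client and query fields from a query log line
LINE_RE = re.compile(r'client=(?P<client>\S+)\s+query="(?P<query>.*)"')


def find_log_indicators(log_text):
    """Return the lines containing any of the advisory's SIEM terms
    (matched case-insensitively so 'Crash' and 'crash' both count)."""
    hits = []
    for line in log_text.splitlines():
        lowered = line.lower()
        if any(term.lower() in lowered for term in LOG_INDICATORS):
            hits.append(line)
    return hits


def between_counts(log_text):
    """Count queries containing a BETWEEN clause, keyed by client."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and re.search(r"\bBETWEEN\b", m.group("query"), re.IGNORECASE):
            counts[m.group("client")] += 1
    return counts


def noisy_between_clients(log_text, threshold=BETWEEN_THRESHOLD):
    """Clients whose BETWEEN query volume exceeds the threshold (sorted)."""
    return sorted(c for c, n in between_counts(log_text).items() if n > threshold)


if __name__ == "__main__":
    for line in find_log_indicators(SAMPLE_LOG):
        print("log indicator:", line)
    for client in noisy_between_clients(SAMPLE_LOG):
        print("high BETWEEN volume from:", client)
```

Tune BETWEEN_THRESHOLD to the normal query mix of the application; BETWEEN is common in ordinary SQL, so the per-client count is only a triage signal to pair with the crash and restart indicators.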
