CVE-2024-57659 – This vulnerability in OpenLink Virtuoso OpenSou... (How to Fix)

Q: What is the severity of CVE-2024-57659?

CVE-2024-57659 has a CVSS score of 7.5 (HIGH). This vulnerability in OpenLink Virtuoso OpenSource allows attackers to cause denial of service by sending specially crafted SQL statements to the sqlg_parallel_ts_seq component. The vulnerability affects Virtuoso OpenSource v7.2.11 installations that expose database functionality to untrusted users.

📋 TL;DR

This vulnerability in OpenLink Virtuoso OpenSource allows attackers to cause denial of service by sending specially crafted SQL statements to the sqlg_parallel_ts_seq component. The vulnerability affects Virtuoso OpenSource v7.2.11 installations that expose database functionality to untrusted users.

💻 Affected Systems

Products:

OpenLink Virtuoso OpenSource

Versions: v7.2.11

Operating Systems: All platforms running Virtuoso

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects installations where SQL execution is available to attackers. Default installations with network access enabled are vulnerable.

📦 What is this software?

Virtuoso by Openlinksw

View all CVEs affecting Virtuoso →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database service disruption requiring restart, potentially affecting all applications relying on the database.

🟠

Likely Case

Temporary service degradation or crash affecting database availability until restart.

🟢

If Mitigated

Minimal impact with proper input validation and access controls limiting who can execute SQL statements.

🌐 Internet-Facing: HIGH if database endpoints are exposed to the internet without proper authentication.

🏢 Internal Only: MEDIUM for internal databases where authenticated users could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to execute SQL statements against the vulnerable component. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issue for latest patched version

Vendor Advisory: https://github.com/openlink/virtuoso-opensource/issues/1212

Restart Required: No

Instructions:

1. Check the GitHub issue for patch availability. 2. Update to the latest patched version. 3. Verify the fix by testing with known problematic SQL patterns.

🔧 Temporary Workarounds

Restrict SQL Execution

all

Limit who can execute SQL statements against the database

Input Validation

all

Implement input validation for SQL statements before processing

🧯 If You Can't Patch

Implement strict access controls to limit database access to trusted users only
Deploy network segmentation to isolate database from untrusted networks
Monitor for unusual SQL patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check if running Virtuoso v7.2.11 and review access controls for SQL execution

Check Version:

SELECT sys_stat('st_dbms_version');

Verify Fix Applied:

Test with SQL patterns known to trigger the issue after applying patches

📡 Detection & Monitoring

Log Indicators:

Database crash logs
Unusual SQL statement patterns
Repeated connection failures

Network Indicators:

Unusual volume of SQL queries from single source
Database port becoming unresponsive

SIEM Query:

source="virtuoso.log" AND ("crash" OR "segmentation fault" OR "abnormal termination")

📊 Metadata

CVE ID: CVE-2024-57659

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-404

EPSS Score: 0.32% exploit probability (54.6th percentile)

Published: January 14, 2025

Last Updated: April 17, 2025

🔗 References

https://github.com/openlink/virtuoso-opensource/issues/1212 Exploit,Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57659, you might also want to check these: