Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36362: MonetDB server 11.46.0 crashes in `rel_sequences` · Issue #7387 · MonetDB/MonetDB

An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE
Open in Source
#sql#dos

Describe the bug
MonetDB server 11.46.0 crashes in rel_sequences after executing SQL statements through mclient.

Expected behavior
Executing statements successfully or throwing errors, instead of breaking down the whole MonetDB server.

#0 0x7ff49bdd36d0 (rel_sequences+0x830)
#1 0x7ff49bdb10c1 (rel_semantic+0xc1)
#2 0x7ff49bc8eb53 (sql_symbol2relation+0x73)
#3 0x7ff49bca810d (SQLparser+0x37d)
#4 0x7ff49bca787b (SQLengine_+0x59b)
#5 0x7ff49bca6343 (SQLengine+0x23)
#6 0x7ff49c0356cf (runScenario+0x4f)
#7 0x7ff49c03616c (MSscheduleClient+0x68c)
#8 0x7ff49c0ddc2b (doChallenge+0xfb)
#9 0x7ff49c75cba0 (THRstarter+0x100)
#10 0x7ff49c7cccc4 (thread_starter+0x34)
#11 0x7ff49bb41609 (start_thread+0xd9)
#12 0x7ff49ba66133 (clone+0x43)

Additional context
The MonetDB here runs in-memory database. The command line of starting MonetDB server is mserver5 --in-memory.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE