Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36368: MonetDB server 11.46.0 crashes at cs_bind_ubat · Issue #7379 · MonetDB/MonetDB

An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE
#sql#ubuntu#dos#c++

Describe the bug
MonetDB server crashes at cs_bind_ubat after executing SQL statements through ODBC.

To Reproduce

CREATE TABLE t2 (c1 int, t1 int, c2 int); INSERT INTO t2 VALUES(127,255,1),(127,1,2),(-128,0,3),(-128,2,4),(-1,NULL,5); INSERT INTO t2 VALUES(200,126,1),(250,-127,2); INSERT INTO t2 VALUES (-128,0,1),(-1,1,1),(-2,2,2),(-3,3,3),(-4,4,4),(-5,5,5),(-6,6,6),(0,0,7),(1,1,8),(2,NULL,9),(3,NULL,10),(127,255,11); DELETE FROM t2 WHERE c1 IN (-2, 0); START TRANSACTION; UPDATE t2 SET c2 = c2 + 100; UPDATE t2 SET c2 = c2 + 100;

Expected behavior
Executing statements successfully or throwing errors, instead of breaking down the whole MonetDB server.

Backtrace

#0 0x7f6388374871 (cs_bind_ubat+0x151)
#1 0x7f6388373483 (bind_ubat+0x43)
#2 0x7f638836d860 (bind_updates+0xe0)
#3 0x7f63882854ce (mvc_bind_wrap+0x28e)
#4 0x7f6388614c63 (runMALsequence+0x763)
#5 0x7f63886185d4 (DFLOWworker+0x2c4)
#6 0x7f6388d4fba0 (THRstarter+0x100)
#7 0x7f6388dbfcc4 (thread_starter+0x34)
#8 0x7f6388134609 (start_thread+0xd9)
#9 0x7f6388059133 (clone+0x43)

Software versions

  • MonetDB server version: 11.46.0 (hg id: 63a42c2) (pulled from the master branch)
  • MonetDB ODBC version: 11.46.0
  • OS and version: ubuntu 20.04
  • Self-installed and compiled. The command line of compilation: CC=clang-12 CXX=clang+±12 cmake /root/monetdb_master -DCMAKE_BUILD_TYPE=RelWithDebInfo

**Issue labeling **
bug

Additional context
The MonetDB here runs in-memory database. The command line of starting MonetDB server is mserver5 --in-memory.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907