An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4039 advisory.

    [1:6.1.6-7.0.1]
    - Back port fix for CVE-2024-57656 [Orabug:37856848]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4039 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware     platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual     machines using KVM.The packages also provide APIs for managing and interacting with the virtualized     systems.

    Security Fix(es):

    * virtuoso-opensource: DoS in sqlc_add_distinct_node (CVE-2024-57656)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers     to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57656)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of virtuoso-opensource installed on the remote host is prior to 7.2.14-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2755 advisory.

    An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57635)

    An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57636)

    An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers     to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57637)

    An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause     a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57638)

    An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57639)

    An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57640)

    An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57641)

    An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows     attackers to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57642)

    An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers     to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57643)

    An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57644)

    An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57645)

    An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57646)

    An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57647)

    An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57648)

    An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57649)

    An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57650)

    An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57651)

    An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause     a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57652)

    An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57653)

    An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57654)

    An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause     a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57655)

    An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers     to cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57656)

    An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57657)

    An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57658)

    An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57659)

    An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57660)

    An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a     Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57661)

    An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57662)

    An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57663)

    An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to     cause a Denial of Service (DoS) via crafted SQL statements. (CVE-2024-57664)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote web server is affected by a denial of service vulnerability.  An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

ID	Name	Product	Family	Severity
235153	Oracle Linux 7 : virtuoso-opensource (ELSA-2025-4039)	Nessus	Oracle Linux Local Security Checks	high
234770	RHEL 7 : virtuoso-opensource (RHSA-2025:4039)	Nessus	Red Hat Local Security Checks	high
231395	Linux Distros Unpatched Vulnerability : CVE-2024-57656	Nessus	Misc.	high
216821	Amazon Linux 2 : virtuoso-opensource (ALAS-2025-2755)	Nessus	Amazon Linux Local Security Checks	high
215004	OpenLink Virtuoso < 7.2.14 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2024-57656

high

Tenable Plugins

high

high

high

high

high