CVE-2024-57635 is a vulnerability identified in the chash_array component of OpenLink Virtuoso OpenSource version 7.2.11, a widely used multi-model database engine that supports SQL and RDF data. The flaw allows attackers to craft malicious SQL statements that trigger a Denial of Service (DoS) condition, likely by causing resource exhaustion or unhandled exceptions within the chash_array module. This component is critical for internal data handling and query processing. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation and the impact on availability. The vulnerability is categorized under CWE-89, which typically relates to SQL Injection issues, suggesting that the crafted SQL statements exploit improper input handling or validation. Although no patches or exploits are currently documented, the lack of mitigations and the critical nature of database availability make this a significant threat to affected deployments.

The primary impact of CVE-2024-57635 is a Denial of Service condition that can disrupt database availability, potentially halting business operations that rely on Virtuoso OpenSource 7.2.11. This can affect applications and services dependent on the database for data retrieval, analytics, or semantic web functionalities. Organizations with high availability requirements or those running critical infrastructure on this platform may face operational downtime, loss of productivity, and reputational damage. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data manipulation are not direct concerns. However, the ease of remote exploitation without authentication increases the risk of widespread attacks, especially in exposed network environments. The absence of known exploits currently provides a window for proactive mitigation before active exploitation emerges.

To mitigate CVE-2024-57635, organizations should first verify if they are running OpenLink Virtuoso OpenSource version 7.2.11 or earlier versions containing the vulnerable chash_array component. Since no official patches are currently available, immediate mitigation steps include restricting network access to the Virtuoso database server by implementing firewall rules and network segmentation to limit exposure to untrusted networks. Employing Web Application Firewalls (WAFs) or SQL query filtering mechanisms can help detect and block suspicious SQL queries that may exploit this vulnerability. Monitoring database logs for unusual or malformed SQL statements can provide early detection of exploitation attempts. Organizations should also engage with OpenLink for updates or patches and plan for timely upgrades once fixes are released. Additionally, applying the principle of least privilege to database access and disabling unnecessary services can reduce the attack surface.