CVE-2024-32886

Source
https://cve.org/CVERecord?id=CVE-2024-32886
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32886.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32886
Published
2024-05-08T14:10:24.863Z
Modified
2026-04-02T12:16:28.800938Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Vitess vulnerable to infinite memory consumption and vtgate crash
Details

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, vtgate enters an endless loop that keeps consuming memory until it eventually runs out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32886.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-835"
    ]
}
Affected packages

Git / github.com/vitessio/vitess

Affected ranges

Type
GIT
Repo
https://github.com/vitessio/vitess
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

6.*
6.0.20-20200624
Other
empty
vtadmin-release-15-fix
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.14.2
v0.14.4
v0.14.5
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.16.0-rc1
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.16.6
v0.16.7
v0.17.0
v0.17.0-rc1
v0.17.0-rc2
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.17.6
v0.17.7
v0.18.0
v0.18.0-rc1
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.5
v0.18.6
v0.18.7
v0.18.8
v0.19.0
v0.19.0-rc1
v0.19.1
v0.19.10
v0.19.3
v0.19.4
v0.19.5
v0.19.6
v0.19.7
v0.19.8
v0.19.9
v0.20.0
v0.20.0-rc1
v0.20.0-rc2
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.20.5
v0.20.6
v0.20.7
v0.20.8
v0.21.0
v0.21.0-rc1
v0.21.0-rc2
v0.21.1
v0.21.2
v0.21.3
v0.21.4
v0.21.5
v0.21.6
v0.22.0
v0.22.0-rc1
v0.22.0-rc2
v0.22.0-rc3
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.23.0
v0.23.0-rc1
v0.23.0-rc2
v0.23.1
v0.23.2
v0.23.3
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v0.9.2
v10.*
v10.0.0
v10.0.0-rc1
v10.0.0-rc1-mysql80
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v11.*
v11.0.0
v11.0.0-rc1
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v12.*
v12.0.0
v12.0.0-rc1
v12.0.1
v12.0.2
v12.0.3
v12.0.4
v12.0.5
v12.0.6
v13.*
v13.0.0
v13.0.0-rc1
v13.0.1
v13.0.2
v13.0.3
v14.*
v14.0.0
v14.0.0-rc1
v14.0.1
v14.0.2
v14.0.3
v14.0.4
v14.0.5
v15.*
v15.0.0
v15.0.0-rc1
v15.0.1
v15.0.2
v15.0.3
v15.0.4
v15.0.5
v16.*
v16.0.0
v16.0.0-rc1
v16.0.1
v16.0.2
v16.0.3
v16.0.4
v16.0.5
v16.0.6
v16.0.7
v17.*
v17.0.0
v17.0.0-rc1
v17.0.0-rc2
v17.0.1
v17.0.2
v17.0.3
v17.0.4
v17.0.5
v17.0.6
v17.0.7
v18.*
v18.0.0
v18.0.0-rc1
v18.0.1
v18.0.2
v18.0.3
v18.0.4
v18.0.5
v18.0.6
v18.0.7
v18.0.8
v19.*
v19.0.0
v19.0.0-rc1
v19.0.1
v19.0.10
v19.0.3
v19.0.4
v19.0.5
v19.0.6
v19.0.7
v19.0.8
v19.0.9
v2.*
v2.0.0
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-rc.1
v2.0.0-rc.2
v2.1.0
v2.1.0-alpha.1
v2.1.0-alpha.2
v2.1.0-rc.1
v2.1.1
v2.2
v2.2-alpha
v2.2.0-rc.1
v20.*
v20.0.0
v20.0.0-rc1
v20.0.0-rc2
v20.0.1
v20.0.2
v20.0.3
v20.0.4
v20.0.5
v20.0.6
v20.0.7
v20.0.8
v21.*
v21.0.0
v21.0.0-rc1
v21.0.0-rc2
v21.0.1
v21.0.2
v21.0.3
v21.0.4
v21.0.5
v21.0.6
v22.*
v22.0.0
v22.0.0-rc1
v22.0.0-rc2
v22.0.0-rc3
v22.0.1
v22.0.2
v22.0.3
v22.0.4
v23.*
v23.0.0
v23.0.0-rc1
v23.0.0-rc2
v23.0.1
v23.0.2
v23.0.3
v3.*
v3.0
v3.0.0-rc.1
v3.0.0-rc.2
v3.0.0-rc.3
v4.*
v4.0.0
v4.0.1
v5.*
v5.0.0
v5.0.1
v5.20+20200204
v6.*
v6.0.0-rc.1
v6.0.20-20200429
v6.0.20-20200508
v6.0.20-20200519
v6.0.20-20200525
v6.0.20-20200617
v6.0.20-20200624
v6.0.20-20200818
v7.*
v7.0.0
v7.0.0-beta
v7.0.1
v7.0.2
v7.0.3
v8.*
v8.0.0
v8.0.0-rc1
v8.0.0-test
v9.*
v9.0.0
v9.0.0-rc1
v9.0.1
v9.0.2
vitess-parent-3.*
vitess-parent-3.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32886.json"