CVE-2024-32886

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32886

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32886.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32886

Aliases

Published

2024-05-08T14:15:08Z

Modified

2024-10-08T04:13:44.746264Z

Summary

[none]

Details

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

References

Affected packages

Git / github.com/vitessio/vitess

Affected ranges

Type: GIT
Repo: https://github.com/vitessio/vitess
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df

Fixed

9df4b66550e46b5d7079e21ed0e1b0f49f92b055

Fixed

c46dc5b6a4329a10589ca928392218d96031ac8d

Fixed

d438adf7e34a6cf00fe441db80842ec669a99202

Affected versions

v0.*

v0.10.0

v0.10.2

v0.17.0

v0.17.0-rc1

v0.17.0-rc2

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.17.5

v0.17.6

v0.18.0

v0.18.0-rc1

v0.18.1

v0.18.2

v0.18.3

v0.18.4

v0.19.0

v0.19.0-rc1

v0.19.1

v0.19.3

v0.8.0

v0.9.0

v0.9.1

v10.*

v10.0.0

v10.0.0-rc1

v10.0.0-rc1-mysql80

v10.0.1

v10.0.2

v11.*

v11.0.0-rc1

v17.*

v17.0.0

v17.0.0-rc1

v17.0.0-rc2

v17.0.1

v17.0.2

v17.0.3

v17.0.4

v17.0.5

v17.0.6

v18.*

v18.0.0

v18.0.0-rc1

v18.0.1

v18.0.2

v18.0.3

v18.0.4

v19.*

v19.0.0

v19.0.0-rc1

v19.0.1

v19.0.3

v2.*

v2.0.0-alpha1

v2.0.0-alpha2

v2.0.0-alpha3

v2.0.0-alpha4

v2.0.0-alpha5

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.1.0-alpha.1

v2.2

v2.2-alpha

v2.2.0-rc.1

v3.*

v3.0

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v5.*

v5.0.0

v5.0.1

v6.*

v6.0.0-rc.1

v7.*

v7.0.0-beta

v8.*

v8.0.0

v8.0.0-rc1

v8.0.0-test

v9.*

v9.0.0

v9.0.0-rc1

v9.0.1

v9.0.2