CVE-2024-32886

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32886
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32886.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32886
Aliases
Published
2024-05-08T14:10:24Z
Modified
2025-11-11T03:03:50.854902Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Vitess vulnerable to infinite memory consumption and vtgate crash
Details

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

Database specific 
{
    "cwe_ids": [
        "CWE-835"
    ]
}
References

Affected packages

Git / github.com/vitessio/vitess

Affected ranges

Type
GIT
Repo
https://github.com/vitessio/vitess
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7c0245d6fbdd7a92a4da4412752c5c2b3ff02b43
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "17.0.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/vitessio/vitess
Events
Introduced
9a6f5262f7707ff80ce85c111d2ff686d85d29cc
Fixed
4bd2e1c2f88cbff68f8b969a9ee6dad236713490
Database specific 
{
    "versions": [
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.0.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/vitessio/vitess
Events
Introduced
97fdf78e0f916df2a1404f78208307c9a8de78e1
Fixed
2c56724549a0fe9262a10ea5e8ffad8594d51a29
Database specific 
{
    "versions": [
        {
            "introduced": "19.0.0"
        },
        {
            "fixed": "19.0.4"
        }
    ]
}

Affected versions

v0.*

v0.10.0
v0.10.2
v0.17.0
v0.17.0-rc1
v0.17.0-rc2
v0.17.1
v0.17.2
v0.17.3
v0.17.4
v0.17.5
v0.17.6
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.19.0
v0.19.1
v0.19.3
v0.8.0
v0.9.0
v0.9.1

v10.*

v10.0.0
v10.0.0-rc1
v10.0.0-rc1-mysql80
v10.0.1
v10.0.2

v11.*

v11.0.0-rc1

v17.*

v17.0.0
v17.0.0-rc1
v17.0.0-rc2
v17.0.1
v17.0.2
v17.0.3
v17.0.4
v17.0.5
v17.0.6

v18.*

v18.0.0
v18.0.1
v18.0.2
v18.0.3
v18.0.4

v19.*

v19.0.0
v19.0.1
v19.0.3

v2.*

v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-rc.1
v2.0.0-rc.2
v2.1.0-alpha.1
v2.2
v2.2-alpha
v2.2.0-rc.1

v3.*

v3.0
v3.0.0-rc.1
v3.0.0-rc.2
v3.0.0-rc.3

v5.*

v5.0.0
v5.0.1

v6.*

v6.0.0-rc.1

v7.*

v7.0.0-beta

v8.*

v8.0.0
v8.0.0-rc1
v8.0.0-test

v9.*

v9.0.0
v9.0.0-rc1
v9.0.1
v9.0.2