CVE-2024-32886

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32886

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32886.json

Aliases

Published

2024-05-08T14:15:08Z

Modified

2024-05-14T13:12:37.701403Z

Summary

[none]

Details

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

References

Affected packages

Git / github.com/vitessio/vitess

Affected ranges

Type: GIT
Repo: https://github.com/vitessio/vitess
Events: Introduced

0The exact introduced commit is unknown

Fixed

2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df

Fixed

9df4b66550e46b5d7079e21ed0e1b0f49f92b055

Fixed

c46dc5b6a4329a10589ca928392218d96031ac8d

Fixed

d438adf7e34a6cf00fe441db80842ec669a99202

Affected versions

v0.*

v0.10.0

v0.10.2

v0.17.0

v0.17.0-rc1

v0.17.0-rc2

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.17.5

v0.17.6

v0.18.0

v0.18.0-rc1

v0.18.1

v0.18.2

v0.18.3

v0.18.4

v0.19.0

v0.19.0-rc1

v0.19.1

v0.19.3

v0.8.0

v0.9.0

v0.9.1

v10.*

v10.0.0

v10.0.0-rc1

v10.0.0-rc1-mysql80

v10.0.1

v10.0.2

v11.*

v11.0.0-rc1

v17.*

v17.0.0

v17.0.0-rc1

v17.0.0-rc2

v17.0.1

v17.0.2

v17.0.3

v17.0.4

v17.0.5

v17.0.6

v18.*

v18.0.0

v18.0.0-rc1

v18.0.1

v18.0.2

v18.0.3

v18.0.4

v19.*

v19.0.0

v19.0.0-rc1

v19.0.1

v19.0.3

v2.*

v2.0.0-alpha1

v2.0.0-alpha2

v2.0.0-alpha3

v2.0.0-alpha4

v2.0.0-alpha5

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.1.0-alpha.1

v2.2

v2.2-alpha

v2.2.0-rc.1

v3.*

v3.0

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v5.*

v5.0.0

v5.0.1

v6.*

v6.0.0-rc.1

v7.*

v7.0.0-beta

v8.*

v8.0.0

v8.0.0-rc1

v8.0.0-test

v9.*

v9.0.0

v9.0.0-rc1

v9.0.1

v9.0.2