CVE-2025-65942

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-65942
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65942.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65942
Published
2025-11-25T22:25:46.021Z
Modified
2025-11-26T19:57:21.632086Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
VictoriaMetrics Snappy Decoder DoS Vulnerability is Causing OOM
Details

VictoriaMetrics is a scalable solution for monitoring and managing time series data. Versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1 are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits, allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. This issue has been patched in versions 1.110.23, 1.122.8, and 1.129.1.

Database specific
{
    "cwe_ids": [
        "CWE-770"
    ]
}

Affected packages

Git / github.com/victoriametrics/victoriametrics

Affected ranges

Type
GIT
Repo
https://github.com/victoriametrics/victoriametrics
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.110.23"
        }
    ]
}
Type
GIT
Repo
https://github.com/victoriametrics/victoriametrics
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.111.0"
        },
        {
            "fixed": "1.122.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/victoriametrics/victoriametrics
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.123.0"
        },
        {
            "fixed": "1.129.1"
        }
    ]
}

Affected versions

v1.*

v1.0.0-victorialogs
v1.1.0-victorialogs
v1.10.0-victorialogs
v1.10.1-victorialogs
v1.102.10
v1.102.11
v1.102.12
v1.102.13
v1.102.14
v1.102.15
v1.102.16
v1.102.17
v1.102.18
v1.102.19
v1.102.20
v1.102.21
v1.102.22
v1.102.23
v1.102.24
v1.102.25
v1.102.26
v1.102.7
v1.102.8
v1.102.9
v1.106.1
v1.108.1
v1.109.0
v1.109.1
v1.11.0-victorialogs
v1.110.1
v1.110.10
v1.110.11
v1.110.12
v1.110.13
v1.110.14
v1.110.15
v1.110.16
v1.110.17
v1.110.18
v1.110.19
v1.110.2
v1.110.20
v1.110.21
v1.110.22
v1.110.3
v1.110.4
v1.110.5
v1.110.6
v1.110.7
v1.110.8
v1.110.9
v1.111.0
v1.113.0
v1.114.0
v1.115.0
v1.117.0
v1.117.1
v1.118.0
v1.119.0
v1.12.0-victorialogs
v1.120.0
v1.121.0
v1.122.0
v1.122.1
v1.122.2
v1.122.3
v1.122.4
v1.122.5
v1.122.6
v1.122.7
v1.123.0
v1.123.0-cluster
v1.124.0
v1.124.0-cluster
v1.125.0
v1.125.0-cluster
v1.125.1
v1.125.1-cluster
v1.126.0
v1.126.0-cluster
v1.127.0
v1.127.0-cluster
v1.128.0
v1.128.0-cluster
v1.129.0
v1.129.0-cluster
v1.129.1
v1.13.0-victorialogs
v1.14.0-victorialogs
v1.15.0-victorialogs
v1.16.0-victorialogs
v1.17.0-victorialogs
v1.18.0-victorialogs
v1.19.0-victorialogs
v1.2.0-victorialogs
v1.20.0-victorialogs
v1.21.0-victorialogs
v1.22.0-victorialogs
v1.22.1-victorialogs
v1.22.2-victorialogs
v1.23.0-victorialogs
v1.23.1-victorialogs
v1.23.2-victorialogs
v1.23.3-victorialogs
v1.24.0-victorialogs
v1.3.0-victorialogs
v1.3.1-victorialogs
v1.3.2-victorialogs
v1.4.0-victorialogs
v1.5.0-victorialogs
v1.6.0-victorialogs
v1.6.1-victorialogs
v1.7.0-victorialogs
v1.8.0-victorialogs
v1.9.0-victorialogs
v1.9.1-victorialogs
v1.97.12
v1.97.13
v1.97.14
v1.97.15
v1.97.16
v1.97.17