Endless Loop Vulnerability Affects Vitess Database Clustering System
CVE-2024-32886
4.9 MEDIUM
Key Information
- Vendor
- Vitessio
- Status
- Vitess
- Vendor
- CVE Published:
- 8 May 2024
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
Affected Version(s)
vitess < 17.0.7
vitess >= 18.0.0, < 18.0.5
vitess >= 19.0.0, < 19.0.4
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database