Endless Loop Vulnerability Affects Vitess Database Clustering System
CVE-2024-32886
4.9 MEDIUM
Key Information
- Vendor: Vitessio
- Status
- Vitess
- Vendor
- CVE Published: 8 May 2024
Summary
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, `vtgate` goes into an endless loop that keeps consuming memory until it eventually runs out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
Affected Version(s)
- vitess < 17.0.7
- vitess >= 18.0.0, < 18.0.5
- vitess >= 19.0.0, < 19.0.4
CVSS V3.1
- Score: 4.9
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database