5 matches found
CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1
CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1. A patched version of the package is available...
CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1
CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1. A patched version of the package is available...
AZL-40360 CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
CVE-2024-32886
CVE-2024-32886 affects Vitess vtgate, causing a Denial of Service via unbounded memory growth due to a bug in the collation/UTF-16 decoding path (affecting encodings like utf16/utf32/ucs2). Affected versions are fixed in Vitess releases 19.0.4, 18.0.5, and 17.0.7. The issue is demonstrated by a q...
CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...