cvelistv5 - cve-2024-32886

CVE-2024-32886 (GCVE-0-2024-32886)

Vulnerability from cvelistv5 – Published: 2024-05-08 14:10 – Updated: 2024-08-02 02:20

Summary

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vitessio/vitess/security/advis…	x_refsource_CONFIRM
	https://github.com/vitessio/vitess/commit/2fd5ba1…	x_refsource_MISC
	https://github.com/vitessio/vitess/commit/9df4b66…	x_refsource_MISC
	https://github.com/vitessio/vitess/commit/c46dc5b…	x_refsource_MISC
	https://github.com/vitessio/vitess/commit/d438adf…	x_refsource_MISC
	https://github.com/vitessio/vitess/blob/8f6cfaaa6…	x_refsource_MISC
	https://github.com/vitessio/vitess/blob/8f6cfaaa6…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vitessio	vitess	Affected: < 17.0.7 Affected: >= 18.0.0, < 18.0.5 Affected: >= 19.0.0, < 19.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T15:55:36.665322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:51:58.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
          },
          {
            "name": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
          },
          {
            "name": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
          },
          {
            "name": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
          },
          {
            "name": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
          },
          {
            "name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
          },
          {
            "name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vitess",
          "vendor": "vitessio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 17.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.0.0, \u003c 18.0.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0, \u003c 19.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-08T14:10:24.863Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
        },
        {
          "name": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
        },
        {
          "name": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
        },
        {
          "name": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
        },
        {
          "name": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
        },
        {
          "name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
        },
        {
          "name": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
        }
      ],
      "source": {
        "advisory": "GHSA-649x-hxfx-57j2",
        "discovery": "UNKNOWN"
      },
      "title": "Vitess vulnerable to infinite memory consumption and vtgate crash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32886",
    "datePublished": "2024-05-08T14:10:24.863Z",
    "dateReserved": "2024-04-19T14:07:11.231Z",
    "dateUpdated": "2024-08-02T02:20:35.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.\"}, {\"lang\": \"es\", \"value\": \"Vitess es un sistema de agrupaci\\u00f3n de bases de datos para el escalado horizontal de MySQL. Al ejecutar la siguiente consulta simple, `vtgate` entrar\\u00e1 en un bucle sin fin que tambi\\u00e9n sigue consumiendo memoria y eventualmente se quedar\\u00e1 sin memoria. Esta vulnerabilidad se solucion\\u00f3 en 19.0.4, 18.0.5 y 17.0.7.\"}]",
      "id": "CVE-2024-32886",
      "lastModified": "2024-11-21T09:15:56.327",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}]}",
      "published": "2024-05-08T14:15:08.310",
      "references": "[{\"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-32886\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-05-08T14:15:08.310\",\"lastModified\":\"2024-11-21T09:15:56.327\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.\"},{\"lang\":\"es\",\"value\":\"Vitess es un sistema de agrupaci\u00f3n de bases de datos para el escalado horizontal de MySQL. Al ejecutar la siguiente consulta simple, `vtgate` entrar\u00e1 en un bucle sin fin que tambi\u00e9n sigue consumiendo memoria y eventualmente se quedar\u00e1 sin memoria. Esta vulnerabilidad se solucion\u00f3 en 19.0.4, 18.0.5 y 17.0.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"references\":[{\"url\":\"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Vitess vulnerable to infinite memory consumption and vtgate crash\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-835\", \"lang\": \"en\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2\"}, {\"name\": \"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df\"}, {\"name\": \"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055\"}, {\"name\": \"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d\"}, {\"name\": \"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202\"}, {\"name\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\"}, {\"name\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\"}], \"affected\": [{\"vendor\": \"vitessio\", \"product\": \"vitess\", \"versions\": [{\"version\": \"\u003c 17.0.7\", \"status\": \"affected\"}, {\"version\": \"\u003e= 18.0.0, \u003c 18.0.5\", \"status\": \"affected\"}, {\"version\": \"\u003e= 19.0.0, \u003c 19.0.4\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-08T14:10:24.863Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.\"}], \"source\": {\"advisory\": \"GHSA-649x-hxfx-57j2\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32886\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-09T15:55:36.665322Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-09T15:55:43.951Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-32886\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-04-19T14:07:11.231Z\", \"datePublished\": \"2024-05-08T14:10:24.863Z\", \"dateUpdated\": \"2024-06-04T17:51:58.563Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2024-32886

Vulnerability from gsd - Updated: 2024-04-20 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-32886

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-32886"
      ],
      "id": "GSD-2024-32886",
      "modified": "2024-04-20T05:02:00.502340Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-32886",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

GHSA-649X-HXFX-57J2

Vulnerability from github – Published: 2024-05-08 14:32 – Updated: 2024-05-10 21:33

Summary

Vitess vulnerable to infinite memory consumption and vtgate crash

Details

Summary

When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM.

Details

When running the following query, the evalengine will try evaluate it and runs forever.

select _utf16 0xFF

The source of the bug lies in the collation logic that we have. The bug applies to all utf16, utf32 and ucs2 encodings. In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.

The decoding functions for these collations all implement logic like the following to enforce the minimal character length:

https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71

The problem is that all the callers of DecodeRune expect progress by returning the number of bytes consumed. This means that if there's only 1 byte left in an input, it will here return still 0 and the caller(s) don't consume the character.

One example of such a caller is the following:

https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79

The logic here moves forward the pointer in the input []byte but if DecodeRune returns 0 in case of error, it will keep running forever. The OOM happens since it keeps adding the ? as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.

The fix here would be to always return forward progress also on invalid strings.

There's also a separate bug here that even if progress is guaranteed, select _utf16 0xFF will return the wrong result currently. MySQL will pad here the input when the _utf16 introducer is used with leading 0x00 bytes and then decode to UTF-16, resulting in the output of ÿ here.

PoC

select _utf16 0xFF

Impact

Denial of service attack by triggering unbounded memory usage.

Severity ?

4.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "19.0.0"
            },
            {
              "fixed": "19.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "18.0.0"
            },
            {
              "fixed": "18.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/vitessio/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.17.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.18.0"
            },
            {
              "fixed": "0.18.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "vitess.io/vitess"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.19.0"
            },
            {
              "fixed": "0.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-08T14:32:32Z",
    "nvd_published_at": "2024-05-08T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWhen executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will OOM.\n\n### Details\n\nWhen running the following query, the `evalengine` will try evaluate it and runs forever.\n\n```\nselect _utf16 0xFF\n```\n\nThe source of the bug lies in the collation logic that we have. The bug applies to all `utf16`,  `utf32` and `ucs2` encodings.  In general, the bug is there for any encoding where the minimal byte length for a single character is more than 1 byte.\n\nThe decoding functions for these collations all implement logic like the following to enforce the minimal character length:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71\n\nThe problem is that all the callers of `DecodeRune` expect progress by returning the number of bytes consumed. This means that if there\u0027s only 1 byte left in an input, it will here return still `0` and the caller(s) don\u0027t consume the character. \n\nOne example of such a caller is the following:\n\nhttps://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79\n\nThe logic here moves forward the pointer in the input `[]byte` but if `DecodeRune` returns `0` in case of error, it will keep running forever. The OOM happens since it keeps adding the `?` as the invalid character to the destination buffer infinitely, growing forever until it runs out of memory.\n\nThe fix here would be to always return forward progress also on invalid strings. \n\nThere\u0027s also a separate bug here that even if progress is guaranteed, `select _utf16 0xFF` will return the wrong result currently. MySQL will pad here the input when the `_utf16` introducer is used with leading `0x00` bytes and then decode to UTF-16, resulting in the output of `\u00ff` here. \n\n### PoC\n\n```\nselect _utf16 0xFF\n```\n\n### Impact\n\nDenial of service attack by triggering unbounded memory usage.",
  "id": "GHSA-649x-hxfx-57j2",
  "modified": "2024-05-10T21:33:14Z",
  "published": "2024-05-08T14:32:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32886"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vitessio/vitess"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vitess vulnerable to infinite memory consumption and vtgate crash"
}

FKIE_CVE-2024-32886

Vulnerability from fkie_nvd - Published: 2024-05-08 14:15 - Updated: 2024-11-21 09:15

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79
	security-advisories@github.com	https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71
	security-advisories@github.com	https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df
	security-advisories@github.com	https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055
	security-advisories@github.com	https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d
	security-advisories@github.com	https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202
	security-advisories@github.com	https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7."
    },
    {
      "lang": "es",
      "value": "Vitess es un sistema de agrupaci\u00f3n de bases de datos para el escalado horizontal de MySQL. Al ejecutar la siguiente consulta simple, `vtgate` entrar\u00e1 en un bucle sin fin que tambi\u00e9n sigue consumiendo memoria y eventualmente se quedar\u00e1 sin memoria. Esta vulnerabilidad se solucion\u00f3 en 19.0.4, 18.0.5 y 17.0.7."
    }
  ],
  "id": "CVE-2024-32886",
  "lastModified": "2024-11-21T09:15:56.327",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-08T14:15:08.310",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

MSRC_CVE-2024-32886

Vulnerability from csaf_microsoft - Published: 2024-05-02 07:00 - Updated: 2025-09-03 19:46

Summary

Vitess vulnerable to infinite memory consumption and vtgate crash

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-32886.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Vitess vulnerable to infinite memory consumption and vtgate crash",
    "tracking": {
      "current_release_date": "2025-09-03T19:46:44.000Z",
      "generator": {
        "date": "2025-10-20T01:36:29.189Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-32886",
      "initial_release_date": "2024-05-02T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-03T19:46:44.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 vitess 17.0.7-1",
                "product": {
                  "name": "\u003ccbl2 vitess 17.0.7-1",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 vitess 17.0.7-1",
                "product": {
                  "name": "cbl2 vitess 17.0.7-1",
                  "product_id": "17341"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 vitess 19.0.4-1",
                "product": {
                  "name": "\u003cazl3 vitess 19.0.4-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 vitess 19.0.4-1",
                "product": {
                  "name": "azl3 vitess 19.0.4-1",
                  "product_id": "17746"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 vitess 19.0.4-7",
                "product": {
                  "name": "\u003cazl3 vitess 19.0.4-7",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 vitess 19.0.4-7",
                "product": {
                  "name": "azl3 vitess 19.0.4-7",
                  "product_id": "17547"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 vitess 17.0.7-7",
                "product": {
                  "name": "\u003ccbl2 vitess 17.0.7-7",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 vitess 17.0.7-7",
                "product": {
                  "name": "cbl2 vitess 17.0.7-7",
                  "product_id": "19811"
                }
              }
            ],
            "category": "product_name",
            "name": "vitess"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 vitess 17.0.7-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 vitess 17.0.7-1 as a component of CBL Mariner 2.0",
          "product_id": "17341-17086"
        },
        "product_reference": "17341",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 vitess 19.0.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 vitess 19.0.4-1 as a component of Azure Linux 3.0",
          "product_id": "17746-17084"
        },
        "product_reference": "17746",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 vitess 19.0.4-7 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 vitess 19.0.4-7 as a component of Azure Linux 3.0",
          "product_id": "17547-17084"
        },
        "product_reference": "17547",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 vitess 17.0.7-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 vitess 17.0.7-7 as a component of CBL Mariner 2.0",
          "product_id": "19811-17086"
        },
        "product_reference": "19811",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-32886",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0026#39;Infinite Loop\u0026#39;)"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17341-17086",
          "17746-17084",
          "17547-17084",
          "19811-17086"
        ],
        "known_affected": [
          "17086-4",
          "17084-2",
          "17084-3",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-32886.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T19:46:44.000Z",
          "details": "17.0.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-4",
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-03T19:46:44.000Z",
          "details": "19.0.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2",
            "17084-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 4.9,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17086-4",
            "17084-2",
            "17084-3",
            "17086-1"
          ]
        }
      ],
      "title": "Vitess vulnerable to infinite memory consumption and vtgate crash"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-32886 (GCVE-0-2024-32886)

GSD-2024-32886

GHSA-649X-HXFX-57J2

Summary

Details

PoC

Impact

FKIE_CVE-2024-32886

MSRC_CVE-2024-32886

Tags

Sightings

Nomenclature