CVE-2024-32886

Summary

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

Affected Software

VendorProductVersion RangeStatus
vitessiovitess< 17.0.7affected
vitessiovitess>= 18.0.0, < 18.0.5affected
vitessiovitess>= 19.0.0, < 19.0.4affected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References