CVE-2026-11312

Summary

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
bytedanceInfiniStore0.2.0affected
bytedanceInfiniStore0.2.1affected
bytedanceInfiniStore0.2.2affected
bytedanceInfiniStore0.2.3affected
bytedanceInfiniStore0.2.4affected
bytedanceInfiniStore0.2.5affected
bytedanceInfiniStore0.2.6affected
bytedanceInfiniStore0.2.7affected
bytedanceInfiniStore0.2.8affected
bytedanceInfiniStore0.2.9affected
bytedanceInfiniStore0.2.10affected
bytedanceInfiniStore0.2.11affected
bytedanceInfiniStore0.2.12affected
bytedanceInfiniStore0.2.13affected
bytedanceInfiniStore0.2.14affected
bytedanceInfiniStore0.2.15affected
bytedanceInfiniStore0.2.16affected
bytedanceInfiniStore0.2.17affected
bytedanceInfiniStore0.2.18affected
bytedanceInfiniStore0.2.19affected
bytedanceInfiniStore0.2.20affected
bytedanceInfiniStore0.2.21affected
bytedanceInfiniStore0.2.22affected
bytedanceInfiniStore0.2.23affected
bytedanceInfiniStore0.2.24affected
bytedanceInfiniStore0.2.25affected
bytedanceInfiniStore0.2.26affected
bytedanceInfiniStore0.2.27affected
bytedanceInfiniStore0.2.28affected
bytedanceInfiniStore0.2.29affected
bytedanceInfiniStore0.2.30affected
bytedanceInfiniStore0.2.31affected
bytedanceInfiniStore0.2.32affected
bytedanceInfiniStore0.2.33affected

Weaknesses

  • CWE-407: Inefficient Algorithmic Complexity
  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References