Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2024-32886
Good to know:
Date: May 8, 2024
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the "vtgate" will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
Language: Go
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-835Top Fix
Upgrade Version
Upgrade to version github.com/vitessio/vitess - v19.0.4;github.com/vitessio/vitess - v18.0.5;github.com/vitessio/vitess - v17.0.7;vitess.io/vitess - v0.17.7;vitess.io/vitess - v0.18.5;vitess.io/vitess - v0.19.4
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |