AZL-40493

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40493.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-40493

Upstream

CVE-2024-32886

Published

2024-05-08T14:15:08Z

Modified

2026-04-01T05:14:02.668701Z

Summary

CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1

Details

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-32886

Affected packages

Azure Linux:2 / vitess

Package

Name: vitess
Purl: pkg:rpm/azure-linux/vitess

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40493.json"