CVE-2024-32886
- Source
- https://cve.org/CVERecord?id=CVE-2024-32886
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32886.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-32886
- Aliases
- Downstream
- Published
- 2024-05-08T14:10:24.863Z
- Modified
- 2026-05-18T12:03:00.319843337Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Vitess vulnerable to infinite memory consumption and vtgate crash
- Details
-
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the
vtgatewill go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7. - Database specific
{ "cwe_ids": [ "CWE-835" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32886.json" }- References
-
- https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79
- https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32886.json
- https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2
- https://nvd.nist.gov/vuln/detail/CVE-2024-32886
- https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df
- https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055
- https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d
- https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202