CVE-2024-32886
published 2024-05-08

Priority: P4 | 22 | medium
CVSS 3.1: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.75% (50.3th percentile)
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | vitessio_vitess | >= 0 < 17.0.7 | 17.0.7 |
| github.com | vitessio_vitess | >= 18.0.0 < 18.0.5 | 18.0.5 |
| github.com | vitessio_vitess | >= 19.0.0 < 19.0.4 | 19.0.4 |
| msrc | azl3_vitess_19.0.4-1_on_azure_linux_3.0 | | |
| msrc | azl3_vitess_19.0.4-7_on_azure_linux_3.0 | | |
| msrc | cbl2_vitess_17.0.7-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_vitess_17.0.7-7_on_cbl_mariner_2.0 | | |
| vitess.io | vitess | >= 0 < 0.17.7 | 0.17.7 |
| vitess.io | vitess | >= 0.18.0 < 0.18.5 | 0.18.5 |
| vitess.io | vitess | >= 0.19.0 < 0.19.4 | 0.19.4 |
| vitessio | vitess | < 17.0.7 | 17.0.7 |
| vitessio | vitess | | |
| vitessio | vitess | | |

CVSS provenance

nvd: v3.1, 4.9 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
vendor_msrc: 4.9 MEDIUM