CVE-2024-32886MEDIUM≥ 19.0.0, < 19.0.4·≥ 18.0.0, < 18.0.5+1 more2024-05-08
CVE-2024-32886 [MEDIUM] CWE-835 Vitess vulnerable to infinite memory consumption and vtgate crash
Vitess vulnerable to infinite memory consumption and vtgate crash
### Summary
When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will OOM.
### Details
When running the following query, the `evalengine` will try evaluate it and runs forever.
```
select _utf16 0xFF
```
The source of the bug lies in the collation lo
ghsaosv