data/osv/GO-2024-2826.json

{
  "schema_version": "1.3.1",
  "id": "GO-2024-2826",
  "modified": "0001-01-01T00:00:00Z",
  "published": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2024-32886",
    "GHSA-649x-hxfx-57j2"
  ],
  "summary": "Denial of service attack by triggering unbounded memory usage in vitess.io/vitess",
  "details": "When executing a query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. This causes a denial of service.",
  "affected": [
    {
      "package": {
        "name": "vitess.io/vitess",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.17.7"
            },
            {
              "introduced": "0.18.0"
            },
            {
              "fixed": "0.18.5"
            },
            {
              "introduced": "0.19.0"
            },
            {
              "fixed": "0.19.4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "imports": [
          {
            "path": "vitess.io/vitess/go/mysql/collations/charset",
            "symbols": [
              "Convert",
              "ConvertFromBinary",
              "ConvertFromUTF8",
              "Validate",
              "convertSlow"
            ]
          },
          {
            "path": "vitess.io/vitess/go/mysql/collations/charset/unicode",
            "symbols": [
              "Charset_ucs2.DecodeRune",
              "Charset_utf16be.DecodeRune",
              "Charset_utf16be.EncodeRune",
              "Charset_utf32.EncodeRune"
            ]
          },
          {
            "path": "vitess.io/vitess/go/vt/vtgate/evalengine",
            "symbols": [
              "Add",
              "AggregateEvalTypes",
              "CoerceTo",
              "CoerceTypes",
              "Column.Format",
              "Column.FormatFast",
              "Comparison.ApplyTinyWeights",
              "Comparison.Compare",
              "Comparison.Less",
              "Comparison.More",
              "Comparison.Sort",
              "Comparison.SortResult",
              "CompiledExpr.Format",
              "CompiledExpr.FormatFast",
              "Divide",
              "EvalResult.MustBoolean",
              "EvalResult.String",
              "EvalResult.ToBoolean",
              "EvalResult.ToBooleanStrict",
              "EvalResult.TupleValues",
              "EvalResult.Value",
              "ExpressionEnv.Evaluate",
              "ExpressionEnv.EvaluateVM",
              "FieldResolver.Column",
              "IntroducerExpr.eval",
              "Literal.Format",
              "Literal.FormatFast",
              "Merger.Init",
              "Merger.Pop",
              "Merger.Push",
              "Multiply",
              "NewLiteralBinaryFromBit",
              "NewLiteralDateFromBytes",
              "NewLiteralDatetimeFromBytes",
              "NewLiteralDecimalFromBytes",
              "NewLiteralFloatFromBytes",
              "NewLiteralIntegralFromBytes",
              "NewLiteralTimeFromBytes",
              "NullSafeAdd",
              "NullsafeCompare",
              "NullsafeHashcode",
              "NullsafeHashcode128",
              "OrderByParams.Compare",
              "OrderByParams.String",
              "Sorter.Push",
              "Sorter.Sorted",
              "Subtract",
              "Translate",
              "TupleBindVariable.Format",
              "TupleBindVariable.FormatFast",
              "TupleExpr.Format",
              "TupleExpr.FormatFast",
              "UnsupportedCollationError.Error",
              "UntypedExpr.Compile",
              "UntypedExpr.Format",
              "UntypedExpr.FormatFast",
              "WeightString",
              "aggregationDecimal.Add",
              "aggregationDecimal.Max",
              "aggregationDecimal.Min",
              "aggregationFloat.Add",
              "aggregationFloat.Max",
              "aggregationFloat.Min",
              "aggregationInt.Add",
              "aggregationInt.Max",
              "aggregationInt.Min",
              "aggregationMinMax.Max",
              "aggregationMinMax.Min",
              "aggregationSumAny.Add",
              "aggregationSumCount.Add",
              "aggregationUint.Add",
              "aggregationUint.Max",
              "aggregationUint.Min",
              "argError.Error",
              "assembler.Fn_JSON_KEYS",
              "assembler.Fn_REGEXP_REPLACE_slow",
              "assembler.PushLiteral",
              "astCompiler.translateIntroducerExpr",
              "errJSONType.Error",
              "evalBytes.Hash"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
    },
    {
      "type": "FIX",
      "url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
    },
    {
      "type": "FIX",
      "url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
    },
    {
      "type": "FIX",
      "url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
    }
  ],
  "credits": [
    {
      "name": "@dbussink, @mattrobenolt, and @vmg"
    }
  ],
  "database_specific": {
    "url": "https://pkg.go.dev/vuln/GO-2024-2826",
    "review_status": "REVIEWED"
  }
}