blob: 5d80472e7dec8eea599edc650b8bf648775e3bf2 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2024-2826",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-32886",
"GHSA-649x-hxfx-57j2"
],
"summary": "Denial of service attack by triggering unbounded memory usage in vitess.io/vitess",
"details": "When executing a query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. This causes a denial of service.",
"affected": [
{
"package": {
"name": "vitess.io/vitess",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.7"
},
{
"introduced": "0.18.0"
},
{
"fixed": "0.18.5"
},
{
"introduced": "0.19.0"
},
{
"fixed": "0.19.4"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "vitess.io/vitess/go/mysql/collations/charset",
"symbols": [
"Convert",
"ConvertFromBinary",
"ConvertFromUTF8",
"Validate",
"convertSlow"
]
},
{
"path": "vitess.io/vitess/go/mysql/collations/charset/unicode",
"symbols": [
"Charset_ucs2.DecodeRune",
"Charset_utf16be.DecodeRune",
"Charset_utf16be.EncodeRune",
"Charset_utf32.EncodeRune"
]
},
{
"path": "vitess.io/vitess/go/vt/vtgate/evalengine",
"symbols": [
"Add",
"AggregateEvalTypes",
"CoerceTo",
"CoerceTypes",
"Column.Format",
"Column.FormatFast",
"Comparison.ApplyTinyWeights",
"Comparison.Compare",
"Comparison.Less",
"Comparison.More",
"Comparison.Sort",
"Comparison.SortResult",
"CompiledExpr.Format",
"CompiledExpr.FormatFast",
"Divide",
"EvalResult.MustBoolean",
"EvalResult.String",
"EvalResult.ToBoolean",
"EvalResult.ToBooleanStrict",
"EvalResult.TupleValues",
"EvalResult.Value",
"ExpressionEnv.Evaluate",
"ExpressionEnv.EvaluateVM",
"FieldResolver.Column",
"IntroducerExpr.eval",
"Literal.Format",
"Literal.FormatFast",
"Merger.Init",
"Merger.Pop",
"Merger.Push",
"Multiply",
"NewLiteralBinaryFromBit",
"NewLiteralDateFromBytes",
"NewLiteralDatetimeFromBytes",
"NewLiteralDecimalFromBytes",
"NewLiteralFloatFromBytes",
"NewLiteralIntegralFromBytes",
"NewLiteralTimeFromBytes",
"NullSafeAdd",
"NullsafeCompare",
"NullsafeHashcode",
"NullsafeHashcode128",
"OrderByParams.Compare",
"OrderByParams.String",
"Sorter.Push",
"Sorter.Sorted",
"Subtract",
"Translate",
"TupleBindVariable.Format",
"TupleBindVariable.FormatFast",
"TupleExpr.Format",
"TupleExpr.FormatFast",
"UnsupportedCollationError.Error",
"UntypedExpr.Compile",
"UntypedExpr.Format",
"UntypedExpr.FormatFast",
"WeightString",
"aggregationDecimal.Add",
"aggregationDecimal.Max",
"aggregationDecimal.Min",
"aggregationFloat.Add",
"aggregationFloat.Max",
"aggregationFloat.Min",
"aggregationInt.Add",
"aggregationInt.Max",
"aggregationInt.Min",
"aggregationMinMax.Max",
"aggregationMinMax.Min",
"aggregationSumAny.Add",
"aggregationSumCount.Add",
"aggregationUint.Add",
"aggregationUint.Max",
"aggregationUint.Min",
"argError.Error",
"assembler.Fn_JSON_KEYS",
"assembler.Fn_REGEXP_REPLACE_slow",
"assembler.PushLiteral",
"astCompiler.translateIntroducerExpr",
"errJSONType.Error",
"evalBytes.Hash"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2"
},
{
"type": "FIX",
"url": "https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df"
},
{
"type": "FIX",
"url": "https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055"
},
{
"type": "FIX",
"url": "https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d"
},
{
"type": "FIX",
"url": "https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79"
},
{
"type": "WEB",
"url": "https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71"
}
],
"credits": [
{
"name": "@dbussink, @mattrobenolt, and @vmg"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2826"
}
}