x/vulndb: potential Go vuln in github.com/vitessio/vitess: GHSA-649x-hxfx-57j2

In GitHub Security Advisory [GHSA-649x-hxfx-57j2](https://github.com/advisories/GHSA-649x-hxfx-57j2), there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| [github.com/vitessio/vitess](https://pkg.go.dev/github.com/vitessio/vitess) | 17.0.7 | < 17.0.7 || [github.com/vitessio/vitess](https://pkg.go.dev/github.com/vitessio/vitess) | 18.0.5 | >= 18.0.0, < 18.0.5 || [github.com/vitessio/vitess](https://pkg.go.dev/github.com/vitessio/vitess) | 19.0.4 | >= 19.0.0, < 19.0.4 |

Cross references:
No existing reports found with this module or alias.

See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: github.com/vitessio/vitess
      versions:
        - fixed: 17.0.7
      packages:
        - package: github.com/vitessio/vitess
    - module: github.com/vitessio/vitess
      versions:
        - introduced: 18.0.0
          fixed: 18.0.5
      packages:
        - package: github.com/vitessio/vitess
    - module: github.com/vitessio/vitess
      versions:
        - introduced: 19.0.0
          fixed: 19.0.4
      packages:
        - package: github.com/vitessio/vitess
summary: Vitess vulnerable to infinite memory consumption and vtgate crash in github.com/vitessio/vitess
cves:
    - CVE-2024-32886
ghsas:
    - GHSA-649x-hxfx-57j2
references:
    - advisory: https://github.com/vitessio/vitess/security/advisories/GHSA-649x-hxfx-57j2
    - fix: https://github.com/vitessio/vitess/commit/2fd5ba1dbf6e9b32fdfdaf869d130066b1b5c0df
    - fix: https://github.com/vitessio/vitess/commit/9df4b66550e46b5d7079e21ed0e1b0f49f92b055
    - fix: https://github.com/vitessio/vitess/commit/c46dc5b6a4329a10589ca928392218d96031ac8d
    - fix: https://github.com/vitessio/vitess/commit/d438adf7e34a6cf00fe441db80842ec669a99202
    - web: https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/convert.go#L73-L79
    - web: https://github.com/vitessio/vitess/blob/8f6cfaaa643a08dc111395a75a2d250ee746cfa8/go/mysql/collations/charset/unicode/utf16.go#L69-L71
    - advisory: https://github.com/advisories/GHSA-649x-hxfx-57j2
source:
    id: GHSA-649x-hxfx-57j2

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/vitessio/vitess: GHSA-649x-hxfx-57j2 #2826

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/vitessio/vitess: GHSA-649x-hxfx-57j2 #2826

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions