[CVE ID]
CVE-2024-41435
[PRODUCT]
YugabyteDB
[VERSION]
2.21.1.0
[PROBLEM TYPE]
buffer overflow
[DESCRIPTION]
YugabyteDB 2.21.1.0 was discovered to contain a buffer overflow vulnerability,
which could lead to database crashes and denial of service attacks.
This was an issue with lifecycle management of TupleTableSlots used in SubPlans (CASE WHEN(..) ... END)
that were used in conjunction with a ValueScan (inserting multiple rows).
The issue was present in vanilla postgres 11.2 (the version YugabyteDB is currently based on)
and fixed in a subsequent minor release of postgres 11.
[Reference]
https://github.com/yugabyte/yugabyte-db/issues/22967
[Discoverer]
Jiaju Bai, Zixuan Fu, Hongbo Feng, Jianwei Liu