Skip to content

Instantly share code, notes, and snippets.

@ycybfhb
Last active August 9, 2024 08:15
Show Gist options
  • Save ycybfhb/1427881e7db911786837d32b0669e06b to your computer and use it in GitHub Desktop.
Save ycybfhb/1427881e7db911786837d32b0669e06b to your computer and use it in GitHub Desktop.
[CVE ID]
CVE-2024-41435
[PRODUCT]
YugabyteDB
[VERSION]
2.21.1.0
[PROBLEM TYPE]
buffer overflow
[DESCRIPTION]
YugabyteDB 2.21.1.0 was discovered to contain a buffer overflow vulnerability,
which could lead to database crashes and denial of service attacks.
This was an issue with lifecycle management of TupleTableSlots used in SubPlans (CASE WHEN(..) ... END)
that were used in conjunction with a ValueScan (inserting multiple rows).
The issue was present in vanilla postgres 11.2 (the version YugabyteDB is currently based on)
and fixed in a subsequent minor release of postgres 11.
[Reference]
https://github.com/yugabyte/yugabyte-db/issues/22967
[Discoverer]
Jiaju Bai, Zixuan Fu, Hongbo Feng, Jianwei Liu
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment