Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VictoriaMetrics Snappy Decoder DoS Vulnerability is Causing OOM
Vulnerability Description
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. This issue has been patched in versions 1.110.23, 1.122.8, and 1.129.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
VictoriaMetrics 安全漏洞
Vulnerability Description
VictoriaMetrics是VictoriaMetrics开源的一个时间序列数据库。 VictoriaMetrics 1.0.0版本至1.110.23之前版本、1.111.0版本至1.122.8之前版本和1.123.0版本至1.129.1之前版本存在安全漏洞,该漏洞源于snappy解码器忽略请求大小限制,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A