漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Oxia: Server crash via race condition in session heartbeat handling
Vulnerability Description
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat() method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close() calls, this can lead to either a deadlock (channel buffer full) or a panic (send on closed channel after TOCTOU gap in KeepAlive). This vulnerability is fixed in 0.16.2.
CVSS Information
N/A
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
oxia 竞争条件问题漏洞
Vulnerability Description
oxia是Oxia开源的一个分布式元数据存储与协调系统。 Oxia 0.16.2之前版本存在竞争条件问题漏洞,该漏洞源于会话心跳处理和会话关闭之间存在竞争条件,可能导致服务器因在已关闭通道上发送而崩溃。
CVSS Information
N/A
Vulnerability Type
N/A