CNNVD-202511-2693 Information
CNNVD ID
CNNVD-202511-2693
Related CVE
- CNNVD Published: 2025-11-25
Description (Chinese)
VictoriaMetrics是VictoriaMetrics开源的一个时间序列数据库。 VictoriaMetrics 1.0.0版本至1.110.23之前版本、1.111.0版本至1.122.8之前版本和1.123.0版本至1.129.1之前版本存在安全漏洞,该漏洞源于snappy解码器忽略请求大小限制,可能导致拒绝服务攻击。
Description (English)
Victoria Metrics is a time-series database for Victoria Metrics. There is a security loophole in Victoria Metrics 1.0.0 to 1.110.23, 1.11.0 to 1.122.8 and 1.123 to 1.129.1, which stems from snappy decoder ignoring request size limits, which may lead to a denial of service attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
VictoriaMetrics
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24 https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23 https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8 https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1 https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5
Patch
https://github.com/VictoriaMetrics/VictoriaMetrics/releases
Share on: