CVE-2023-29194
MEDIUMVitess < 16.0.1 - Denial of Service via Keyspace Name with Forward Slash
Title source: llmDescription
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f
Patch x_refsource_misc
https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88
Release Notes x_refsource_misc
https://github.com/vitessio/vitess/commits/v0.16.1/
Scores
CVSS v3
4.1
EPSS
0.0078
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-703
CWE-20
Status
published
Products (2)
linuxfoundation/vitess
< 16.0.1
vitess.io/vitess
0 - 0.16.1Go
Published
Apr 14, 2023
Tracked Since
Feb 18, 2026