CVE-2026-11312
LOWbytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
Title source: cnaDescription
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Product product
https://github.com/bytedance/InfiniStore/
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-368398 | bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
https://vuldb.com/vuln/368398
Signature, Permissions Required signature
permissions-required
VDB-368398 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/368398/cti
Third Party Advisory third-party-advisory
CVE-2026-11312 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11312
Third Party Advisory third-party-advisory
Submit #832348 | bytedance InfiniStore 0.2.33 Denial of Service
https://vuldb.com/submit/832348
Exploit exploit
issue-tracking
https://github.com/bytedance/InfiniStore/issues/200
Scores
CVSS v3
3.3
EPSS
0.0011
EPSS Percentile
1.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
CWE-407
Status
published
Products (34)
bytedance/InfiniStore
0.2.0
bytedance/InfiniStore
0.2.1
bytedance/InfiniStore
0.2.10
bytedance/InfiniStore
0.2.11
bytedance/InfiniStore
0.2.12
bytedance/InfiniStore
0.2.13
bytedance/InfiniStore
0.2.14
bytedance/InfiniStore
0.2.15
bytedance/InfiniStore
0.2.16
bytedance/InfiniStore
0.2.17
... and 24 more
Published
Jun 05, 2026
Tracked Since
Jun 05, 2026