VDB
GO-2025-4161
GO-2025-4161
PUBLISHED
CVSS 8.699999809265137 HIGH
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM in github.com/VictoriaMetrics/VictoriaMetrics
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | VictoriaMetrics/VictoriaMetrics | 0, 1.111.0, 1.123.0 |
Timeline
- Dec 15, 2025 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5 advisory
- https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24 fix
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23 fix
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8 fix
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1 fix