CVE-2025-65942
ADVISORY - githubSummary
Impact
Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits.
Patches
Versions 1.129.1, 1.122.8, 1.110.23
Resources
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23
Note
VictoriaMetrics' security model assumes its APIs are properly secured (e.g. via access control flags or a firewall); this advisory addresses malicious input that should not be possible under a correctly secured deployment.
Common Weakness Enumeration (CWE)
Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in