Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for InfiniStore by bytedance

    CVE-2026-11312 (GCVE-0-2026-11312)

    Vulnerability from nvd – Published: 2026-06-05 00:30 – Updated: 2026-06-05 13:12
    VLAI
    Title
    bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
    Summary
    A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    • CWE-404 - Denial of Service
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/368398 vdb-entrytechnical-description
    https://vuldb.com/vuln/368398/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-11312 third-party-advisory
    https://vuldb.com/submit/832348 third-party-advisory
    https://github.com/bytedance/InfiniStore/issues/200 exploitissue-tracking
    https://github.com/bytedance/InfiniStore/ product
    Impacted products
    Vendor Product Version
    bytedance InfiniStore Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
    Affected: 0.2.11
    Affected: 0.2.12
    Affected: 0.2.13
    Affected: 0.2.14
    Affected: 0.2.15
    Affected: 0.2.16
    Affected: 0.2.17
    Affected: 0.2.18
    Affected: 0.2.19
    Affected: 0.2.20
    Affected: 0.2.21
    Affected: 0.2.22
    Affected: 0.2.23
    Affected: 0.2.24
    Affected: 0.2.25
    Affected: 0.2.26
    Affected: 0.2.27
    Affected: 0.2.28
    Affected: 0.2.29
    Affected: 0.2.30
    Affected: 0.2.31
    Affected: 0.2.32
    Affected: 0.2.33
        cpe:2.3:a:bytedance:infinistore:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem00 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11312",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T13:12:38.127231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T13:12:50.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:bytedance:infinistore:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "KV Map Handler"
              ],
              "product": "InfiniStore",
              "vendor": "bytedance",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                },
                {
                  "status": "affected",
                  "version": "0.2.11"
                },
                {
                  "status": "affected",
                  "version": "0.2.12"
                },
                {
                  "status": "affected",
                  "version": "0.2.13"
                },
                {
                  "status": "affected",
                  "version": "0.2.14"
                },
                {
                  "status": "affected",
                  "version": "0.2.15"
                },
                {
                  "status": "affected",
                  "version": "0.2.16"
                },
                {
                  "status": "affected",
                  "version": "0.2.17"
                },
                {
                  "status": "affected",
                  "version": "0.2.18"
                },
                {
                  "status": "affected",
                  "version": "0.2.19"
                },
                {
                  "status": "affected",
                  "version": "0.2.20"
                },
                {
                  "status": "affected",
                  "version": "0.2.21"
                },
                {
                  "status": "affected",
                  "version": "0.2.22"
                },
                {
                  "status": "affected",
                  "version": "0.2.23"
                },
                {
                  "status": "affected",
                  "version": "0.2.24"
                },
                {
                  "status": "affected",
                  "version": "0.2.25"
                },
                {
                  "status": "affected",
                  "version": "0.2.26"
                },
                {
                  "status": "affected",
                  "version": "0.2.27"
                },
                {
                  "status": "affected",
                  "version": "0.2.28"
                },
                {
                  "status": "affected",
                  "version": "0.2.29"
                },
                {
                  "status": "affected",
                  "version": "0.2.30"
                },
                {
                  "status": "affected",
                  "version": "0.2.31"
                },
                {
                  "status": "affected",
                  "version": "0.2.32"
                },
                {
                  "status": "affected",
                  "version": "0.2.33"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "Inefficient Algorithmic Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:30:14.091Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368398 | bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368398"
            },
            {
              "name": "VDB-368398 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368398/cti"
            },
            {
              "name": "CVE-2026-11312 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11312"
            },
            {
              "name": "Submit #832348 | bytedance InfiniStore 0.2.33 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832348"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/bytedance/InfiniStore/issues/200"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/bytedance/InfiniStore/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T20:15:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11312",
        "datePublished": "2026-06-05T00:30:14.091Z",
        "dateReserved": "2026-06-04T18:10:12.303Z",
        "dateUpdated": "2026-06-05T13:12:50.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11312 (GCVE-0-2026-11312)

    Vulnerability from cvelistv5 – Published: 2026-06-05 00:30 – Updated: 2026-06-05 13:12
    VLAI
    Title
    bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
    Summary
    A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    • CWE-404 - Denial of Service
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/368398 vdb-entrytechnical-description
    https://vuldb.com/vuln/368398/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-11312 third-party-advisory
    https://vuldb.com/submit/832348 third-party-advisory
    https://github.com/bytedance/InfiniStore/issues/200 exploitissue-tracking
    https://github.com/bytedance/InfiniStore/ product
    Impacted products
    Vendor Product Version
    bytedance InfiniStore Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
    Affected: 0.2.11
    Affected: 0.2.12
    Affected: 0.2.13
    Affected: 0.2.14
    Affected: 0.2.15
    Affected: 0.2.16
    Affected: 0.2.17
    Affected: 0.2.18
    Affected: 0.2.19
    Affected: 0.2.20
    Affected: 0.2.21
    Affected: 0.2.22
    Affected: 0.2.23
    Affected: 0.2.24
    Affected: 0.2.25
    Affected: 0.2.26
    Affected: 0.2.27
    Affected: 0.2.28
    Affected: 0.2.29
    Affected: 0.2.30
    Affected: 0.2.31
    Affected: 0.2.32
    Affected: 0.2.33
        cpe:2.3:a:bytedance:infinistore:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dem00 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11312",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T13:12:38.127231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T13:12:50.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:bytedance:infinistore:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "KV Map Handler"
              ],
              "product": "InfiniStore",
              "vendor": "bytedance",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                },
                {
                  "status": "affected",
                  "version": "0.2.11"
                },
                {
                  "status": "affected",
                  "version": "0.2.12"
                },
                {
                  "status": "affected",
                  "version": "0.2.13"
                },
                {
                  "status": "affected",
                  "version": "0.2.14"
                },
                {
                  "status": "affected",
                  "version": "0.2.15"
                },
                {
                  "status": "affected",
                  "version": "0.2.16"
                },
                {
                  "status": "affected",
                  "version": "0.2.17"
                },
                {
                  "status": "affected",
                  "version": "0.2.18"
                },
                {
                  "status": "affected",
                  "version": "0.2.19"
                },
                {
                  "status": "affected",
                  "version": "0.2.20"
                },
                {
                  "status": "affected",
                  "version": "0.2.21"
                },
                {
                  "status": "affected",
                  "version": "0.2.22"
                },
                {
                  "status": "affected",
                  "version": "0.2.23"
                },
                {
                  "status": "affected",
                  "version": "0.2.24"
                },
                {
                  "status": "affected",
                  "version": "0.2.25"
                },
                {
                  "status": "affected",
                  "version": "0.2.26"
                },
                {
                  "status": "affected",
                  "version": "0.2.27"
                },
                {
                  "status": "affected",
                  "version": "0.2.28"
                },
                {
                  "status": "affected",
                  "version": "0.2.29"
                },
                {
                  "status": "affected",
                  "version": "0.2.30"
                },
                {
                  "status": "affected",
                  "version": "0.2.31"
                },
                {
                  "status": "affected",
                  "version": "0.2.32"
                },
                {
                  "status": "affected",
                  "version": "0.2.33"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dem00 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "Inefficient Algorithmic Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T00:30:14.091Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-368398 | bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/368398"
            },
            {
              "name": "VDB-368398 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/368398/cti"
            },
            {
              "name": "CVE-2026-11312 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11312"
            },
            {
              "name": "Submit #832348 | bytedance InfiniStore 0.2.33 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/832348"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/bytedance/InfiniStore/issues/200"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/bytedance/InfiniStore/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-04T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-04T20:15:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11312",
        "datePublished": "2026-06-05T00:30:14.091Z",
        "dateReserved": "2026-06-04T18:10:12.303Z",
        "dateUpdated": "2026-06-05T13:12:50.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }