CVE-2024-41435

7.5 HIGH

📋 TL;DR

YugabyteDB v2.21.1.0 contains a buffer overflow vulnerability in the 'insert into' parameter that could allow attackers to execute arbitrary code or crash the database. This affects all deployments running the vulnerable version. Database administrators and organizations using YugabyteDB are at risk.

💻 Affected Systems

Products:
  • YugabyteDB
Versions: v2.21.1.0
Operating Systems: All platforms running YugabyteDB
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of the affected version are vulnerable regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete database compromise, data theft, or ransomware deployment

🟠 Likely Case: Database crash causing service disruption and potential data corruption

🟢 If Mitigated: Denial of service with limited data exposure if proper network segmentation exists

🌐 Internet-Facing: HIGH - Directly exploitable via database queries from external sources
🏢 Internal Only: MEDIUM - Requires database access but could be exploited by malicious insiders or compromised internal systems

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database query access but buffer overflow techniques are well-documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.21.2.0 or later

Vendor Advisory: https://github.com/yugabyte/yugabyte-db/issues/22967

Restart Required: Yes

Instructions:

1. Back up your database.
2. Download and install YugabyteDB v2.21.2.0 or later.
3. Stop the database service.
4. Apply the update.
5. Restart the database service.
6. Verify the version is updated.

🔧 Temporary Workarounds

Input validation at application layer (platform: all)

Implement strict input validation for all 'insert into' queries before they reach the database.

Network access restrictions (platform: linux)

Restrict database access to only trusted application servers using firewall rules. The ACCEPT rule for the trusted address must be added before the catch-all DROP rule:

iptables -A INPUT -p tcp --dport 5433 -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport 5433 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the database from untrusted networks
  • Deploy a web application firewall (WAF) or database firewall to monitor and block suspicious queries

🔍 How to Verify

Check if Vulnerable:

Check the YugabyteDB version with yugabyted version or via the admin UI.

Check Version:

yugabyted version

Verify Fix Applied:

Confirm version is v2.21.2.0 or later and test 'insert into' operations with various inputs

📡 Detection & Monitoring

Log Indicators:

  • Unusually large 'insert into' queries
  • Database crash logs
  • Stack trace errors in database logs

Network Indicators:

  • Multiple failed connection attempts followed by large query payloads
  • Unusual query patterns from single source

SIEM Query:

source="yugabyte-logs" AND ("buffer overflow" OR "segmentation fault" OR ("insert into" AND size>10000))
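As an added illustration of the log indicators above (not part of the original advisory), the following Python filter flags oversized INSERT INTO statements and crash markers in log lines. The log line format and the sample lines are constructed assumptions; the size threshold mirrors the size>10000 value used in the SIEM query.

```python
import re
from dataclasses import dataclass

# Byte threshold for an "unusually large" INSERT statement; mirrors size>10000 in the SIEM query.
SIZE_THRESHOLD = 10000
# Substrings that indicate a crash rather than a normal error (matched case-insensitively).
CRASH_MARKERS = ("buffer overflow", "segmentation fault", "stack trace")
INSERT_RE = re.compile(r"\binsert\s+into\b", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int   # 1-based index of the offending log line
    reason: str    # "oversized_insert" or "crash_marker:<marker>"
    size: int      # size of the whole log line in bytes


def scan_log(lines):
    """Return a Finding for every line that is an oversized INSERT or carries a crash marker."""
    findings = []
    for n, line in enumerate(lines, 1):
        size = len(line.encode("utf-8"))
        if INSERT_RE.search(line) and size > SIZE_THRESHOLD:
            findings.append(Finding(n, "oversized_insert", size))
            continue  # one finding per line is enough for triage
        lowered = line.lower()
        for marker in CRASH_MARKERS:
            if marker in lowered:
                findings.append(Finding(n, "crash_marker:" + marker.replace(" ", "_"), size))
                break
    return findings


# Constructed sample log lines in a hypothetical format (not real YugabyteDB output).
SAMPLE_LOG = [
    "2024-07-30 10:00:01 INFO statement: INSERT INTO orders VALUES (1, 'ok')",
    "2024-07-30 10:00:02 INFO statement: INSERT INTO orders VALUES (2, '" + "A" * 12000 + "')",
    "2024-07-30 10:00:03 ERROR server process was terminated by signal 11: Segmentation fault",
    "2024-07-30 10:00:04 INFO statement: SELECT count(*) FROM orders",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} ({f.size} bytes)")
```

Tune SIZE_THRESHOLD to the normal statement sizes in your own workload so that legitimate bulk loads do not page the on-call engineer.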
