Infinistore
Monthly
Inefficient algorithmic complexity in bytedance InfiniStore up to version 0.2.33 allows a local, low-privileged attacker to partially degrade availability by triggering worst-case execution in the purge_kv_map function. The CVSS vector (AV:L/AC:L/PR:L/UI:N/A:L) confirms limited blast radius - local-only access with no confidentiality or integrity impact - but a public proof-of-concept exists per the GitHub issue tracker and is reflected in the E:P temporal modifier. No patch has been issued; the vendor has not responded to the coordinated disclosure.
Inefficient algorithmic complexity in bytedance InfiniStore up to version 0.2.33 allows a local, low-privileged attacker to partially degrade availability by triggering worst-case execution in the purge_kv_map function. The CVSS vector (AV:L/AC:L/PR:L/UI:N/A:L) confirms limited blast radius - local-only access with no confidentiality or integrity impact - but a public proof-of-concept exists per the GitHub issue tracker and is reflected in the E:P temporal modifier. No patch has been issued; the vendor has not responded to the coordinated disclosure.