Security Alert #2: VelocyPack Buffer Overflow - ArangoDB


Security Alert #2: VelocyPack Buffer Overflow


Issue Description

The VelocyPack implementation used in ArangoDB can trigger a buffer overflow. To exploit this, an attacker needs access to the database port. Because a buffer overflow results in undefined behavior, the attacker might crash the database server or gain unauthorized access to data stored in the database.

It is therefore important to upgrade ArangoDB as soon as possible.

Issue Resolution

Please upgrade to at least:

  • v3.2.18
  • v3.3.22
  • v3.4.2-1

These versions contain an updated version of the VelocyPack library, which protects against the buffer overflow.
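The following is an added example, not code from ArangoDB: a small triage helper that classifies already-collected version strings against the fixed releases listed above. The host names are constructed sample data, and reporting branches the advisory does not list (and non-release tags) as `unknown` is an assumption of this example.

```python
import re

# Minimum fixed release per minor branch, from the advisory:
# v3.2.18, v3.3.22, v3.4.2-1  ->  (patch, package revision)
FIXED = {(3, 2): (18, 0), (3, 3): (22, 0), (3, 4): (2, 1)}

# Accepts "3.4.2", "v3.4.2", "3.4.2-1"; anything else is not a release tag.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # pre-releases, nightly builds, malformed input
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rev = int(m.group(4) or 0)  # "3.4.2" has revision 0, below "3.4.2-1"
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not covered by the advisory (assumption)
    return "patched" if (patch, rev) >= fixed else "vulnerable"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> version string."""
    report = {"vulnerable": [], "unknown": [], "patched": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (host names are hypothetical).
SAMPLE_INVENTORY = {
    "db-a.example": "3.4.2",      # same patch level, missing the -1 revision
    "db-b.example": "3.4.2-1",
    "db-c.example": "v3.3.22",
    "db-d.example": "3.2.17",
    "db-e.example": "3.1.29",     # branch not listed in the advisory
    "db-f.example": "3.4.0-rc.1", # not a release tag
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need manual review rather than being assumed safe.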

In order to check the version you are using, you can issue a

If you are using a Docker container, you can check that your container has been updated by running

Additional Questions

In case of any questions, please contact us. ArangoDB Customers can open a support ticket in our Support Platform.