CVE-2025-65942

Published: 11/25/2025 23:15:47
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. This issue has been patched in versions 1.110.23, 1.122.8, and 1.129.1.
LOW
CVSS v3: 2.7

Status

DocFilters Release Package State Justification Comment
0.0.0.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
25.4 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
25.3 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
25.2 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
25.1.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
25.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.4 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.4.0 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.3 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.2.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.2 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
24.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
23.3 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
23.2.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
23.2 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
23.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
22.4 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
22.3 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
22.2 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
22.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.11.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.11 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.8.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.8 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.5.1 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.5.0 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
21.2.0 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.20 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.19.3667 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.18.3599 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.17 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.16.3445 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.15.3368 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.14.3263 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.13.3179 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.12.3054 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.11.3040 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.11.2990 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.10.2934 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.9.2878 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.
11.4.8.2822 snappy (1.1.3) Not Affected Code Not Present This CVE affects VictoriaMetrics, a time series monitoring solution. We use Google Snappy compression library directly; VictoriaMetrics is not present in Document Filters.

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
LOW
Base Score
2.7
Base Severity
LOW
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
HIGH
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Version
3.1

References