CVE-2024-7701 Affecting percona-toolkit package, versions *

Q: How to fix?

There is no fixed version for Debian:12 percona-toolkit .

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIAN12-PERCONATOOLKIT-8515921
published16 Dec 2024
disclosed15 Dec 2024

Report a new vulnerability Found a mistake?

Introduced: 15 Dec 2024

NewCVE-2024-7701 (opens in a new tab)

How to fix?

There is no fixed version for Debian:12 percona-toolkit.

NVD Description

Note: Versions mentioned in the description apply only to the upstream percona-toolkit package and not the percona-toolkit package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.

References

https://security-tracker.debian.org/tracker/CVE-2024-7701
https://github.com/percona/percona-toolkit/blob/aa1ac0e6889168fddf73c3a72d447e9ea0c0c63b/src/go/pt-secure-collect/encrypt.go#L17