Security Alert # 2: VelocyPack Buffer Overflow
Issue Description
The VelocyPack implementation used in ArangoDB can trigger a buffer overflow. To exploit this, an attacker needs access to the database port. Because a buffer overflow results in undefined behavior, the attacker might crash the database server or gain unauthorized access to data stored in the database.
It is therefore important to upgrade ArangoDB as soon as possible.
Issue Resolution
Please upgrade to at least:
- v3.2.18
- v3.3.22
- v3.4.2-1
These versions contain an updated version of the VelocyPack library, which protects against the buffer overflow.
To check the version you are using, run:
/usr/sbin/arangod --version | head -1
If you are using a Docker container, you can check that your container has been updated by running:
docker run -it arangodb/arangodb env arangod --version | head -1
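As an added helper, not part of this advisory, the following shell script classifies a reported arangod version against the fixed releases listed above. It assumes only that the first line of `arangod --version` contains the version as MAJOR.MINOR.PATCH with an optional -REV suffix; the function names are this example's own, and versions are compared numerically per component so that, for instance, 3.2.9 is correctly ranked below 3.2.18.

```shell
#!/bin/sh
# Added example, not part of the ArangoDB advisory: classify a reported arangod
# version against the fixed releases listed above (3.2.18, 3.3.22, 3.4.2-1).

# Split "MAJOR.MINOR.PATCH[-REV]" into four space-separated integers.
split_version() {
  ver=$1
  rev=${ver#*-}; [ "$rev" = "$ver" ] && rev=0
  set -- $(printf '%s' "${ver%%-*}" | tr '.' ' ')
  echo "${1:-0} ${2:-0} ${3:-0} $rev"
}

# Return 0 when version $1 is at or above version $2, comparing numerically
# component by component (major, minor, patch, revision).
version_ge() {
  set -- $(split_version "$1") $(split_version "$2")
  for i in 1 2 3 4; do
    eval "a=\$$i; b=\$$((i + 4))"
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
  done
  return 0
}

# Pull the first MAJOR.MINOR.PATCH[-REV] token out of a version line. The exact
# wording of `arangod --version` output is an assumption; only the number is used.
extract_version() {
  printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\(-[0-9][0-9]*\)\{0,1\}' | head -1
}

# Print "fixed" (exit 0), "vulnerable" (exit 1) or "unknown-branch" (exit 2)
# for the release branches the advisory covers.
velocypack_status() {
  ver=$1
  set -- $(split_version "$ver")
  case "$1.$2" in
    3.2) fixed=3.2.18 ;;
    3.3) fixed=3.3.22 ;;
    3.4) fixed=3.4.2-1 ;;
    *)   echo "unknown-branch"; return 2 ;;
  esac
  if version_ge "$ver" "$fixed"; then echo fixed; return 0; fi
  echo vulnerable; return 1
}

# Against a live install:
# velocypack_status "$(extract_version "$(/usr/sbin/arangod --version | head -1)")"
```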
Additional Questions
In case of any questions, please contact us. ArangoDB customers can open a support ticket in our Support Platform.