Lucene search

GitHub_MCVELIST:CVE-2023-38502

HistoryJul 25, 2023 - 9:14 p.m.

CVE-2023-38502 TDengine Database Denial-of-Service

2023-07-2521:14:22

CWE-20

GitHub_M

www.cve.org

cve-2023-38502

tdengine database

dos

udf

nested query

fix

patch

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.

CNA Affected

[
  {
    "vendor": "taosdata",
    "product": "TDengine",
    "versions": [
      {
        "version": "< 3.0.7.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

Related for CVELIST:CVE-2023-38502