2 vulnerabilities found for TDengine by taosdata
CVE-2023-38502 (GCVE-0-2023-38502)
Vulnerability from nvd – Published: 2023-07-25 21:14 – Updated: 2024-10-10 17:55
Title
TDengine Database Denial-of-Service
Summary
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, the TDengine database crashes on a nested query that uses a user-defined function (UDF). This issue affects TDengine databases that let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.
Severity (CVSS v3.1)
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tdengine:tdengine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tdengine",
"vendor": "tdengine",
"versions": [
{
"lessThan": "3.0.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38502",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:36:52.517163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:55:22.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TDengine",
"vendor": "taosdata",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T21:14:22.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf"
}
],
"source": {
"advisory": "GHSA-w23f-r2fm-27hf",
"discovery": "UNKNOWN"
},
"title": "TDengine Database Denial-of-Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38502",
"datePublished": "2023-07-25T21:14:22.087Z",
"dateReserved": "2023-07-18T16:28:12.077Z",
"dateUpdated": "2024-10-10T17:55:22.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38502 (GCVE-0-2023-38502)
Vulnerability from cvelistv5 – Published: 2023-07-25 21:14 – Updated: 2024-10-10 17:55
Title
TDengine Database Denial-of-Service
Summary
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, the TDengine database crashes on a nested query that uses a user-defined function (UDF). This issue affects TDengine databases that let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.
Severity (CVSS v3.1)
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tdengine:tdengine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tdengine",
"vendor": "tdengine",
"versions": [
{
"lessThan": "3.0.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38502",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:36:52.517163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:55:22.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TDengine",
"vendor": "taosdata",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T21:14:22.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf"
}
],
"source": {
"advisory": "GHSA-w23f-r2fm-27hf",
"discovery": "UNKNOWN"
},
"title": "TDengine Database Denial-of-Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38502",
"datePublished": "2023-07-25T21:14:22.087Z",
"dateReserved": "2023-07-18T16:28:12.077Z",
"dateUpdated": "2024-10-10T17:55:22.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}