CVE-2023-38502

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
tdenginetdengine
𝑥
< 3.0.7.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
tdenginetdengine
𝑥
< 3.0.7.1
ADP
Common Weakness Enumeration
References
https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf
https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf