PT-2026-60265 · Taosdata · Tdengine

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-62349

CVSS v3.1

8.3

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString() checks space for only one byte before processing SQL string escape sequences %, , or x, allowing a one-byte out-of-bounds write to the stack buffer tmpTokenBuf that can cause denial of service and potentially remote code execution. This issue is fixed in version 3.4.1.14.

Exploit

Correção

Memory Corruption

Stack Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-62349

Produtos afetados

Tdengine