CVE-2023-38502

Name of the Vulnerable Software and Affected Versions TDengine versions prior to 3.0.7.1

Description TDengine is an open source, time-series database optimized for Internet of Things devices. The issue affects TDengine Databases that allow users to connect and run arbitrary queries, causing the database to crash on UDF nested queries.

Recommendations For versions prior to 3.0.7.1, update to version 3.0.7.1 to resolve the issue. As a temporary workaround, consider restricting user access to run arbitrary queries until the patch is applied.