CVE-2022-43766
Published: 2022-10-26
Severity: High (7.5, CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | iotdb | 0.12.2 – 0.12.6 | — |
| apache | iotdb | 0.13.0 – 0.13.2 | — |
| apache_software_foundation | apache_iotdb | >= 0.12.2 < unspecified | unspecified |
| apache_software_foundation | apache_iotdb | unspecified – 0.13.2 | — |