7.5
CVE-2026-24012
- EPSS 0.55%
- Veröffentlicht 06.07.2026 08:38:25
- Zuletzt bearbeitet 07.07.2026 17:53:36
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters (e.g., a very large time range combined with a minimal interval). This forces the DataNode to build an enormous result set in memory, which exhausts the Java heap and causes the DataNode process to crash. This issue affects Apache IoTDB: from 1.3.3 before 2.0.8. Users are recommended to upgrade to version 2.0.8, which fixes the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.418 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://lists.apache.org/thread/0g5th1t2vj6j8hm5t9w3xh9n6f6ht9z8
http://www.openwall.com/lists/oss-security/2026/07/06/10