Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Client crashes on malicious server data with no confidentiality/integrity impact, so C:N/I:N/A:H; kept AV:N/PR:N to match the network parsing path, though a malicious server is a real prerequisite.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data.
This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Articles & Coverage 1
AnalysisAI
Denial of service in the Apache IoTDB C++ client (versions 1.3.5 before 1.3.8 and 2.0.5 before 2.0.10) allows a malicious or compromised IoTDB server to crash any connected client by returning malformed TsBlock response data. The client's TsBlock deserializer performs out-of-bounds reads (CWE-125) on attacker-controlled server payloads, terminating the client process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim's Apache IoTDB C++ client (1.3.5-1.3.7 or 2.0.5-2.0.9) to receive malformed TsBlock data from the server it queries, so the attacker must control or compromise the IoTDB server endpoint, or man-in-the-middle an unauthenticated/unencrypted client-server connection, and the trigger fires during normal result deserialization. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (HIGH) driven entirely by A:H with C:N/I:N - this is a pure availability/DoS issue, not code execution or data disclosure, so the 'HIGH' label overstates business impact for most deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who operates or has compromised an IoTDB server (or holds a man-in-the-middle position on an unencrypted client-server link) returns a crafted TsBlock with inconsistent length fields when a C++ client issues a query. The client's deserializer reads out of bounds while parsing the block and crashes, denying service to the application; no user interaction beyond the normal query is required and no exploit code is publicly known at time of analysis. |
| Remediation | Vendor-released patch: upgrade the C++ client to 2.0.10 (the version the advisory explicitly recommends) on the 2.0.x line, or to 1.3.8 on the 1.3.x maintenance line, then rebuild and redeploy any C++ applications that link the client library. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems and applications using Apache IoTDB C++ client versions 1.3.5-1.3.7 or 2.0.5-2.0.9. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42839
GHSA-74ph-cx7x-v56m