EUVD-2025-18975
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Description
A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Analysis
A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Technical Context
This vulnerability is classified as Reachable Assertion (CWE-617).
Affected Products
Affected: Tarantool
Remediation
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 2.6.0-1 | - |
| bookworm | vulnerable | 2.6.0-1.2 | - |
| trixie | vulnerable | 2.6.0-1.4 | - |
| (unstable) | fixed | (unfixed) | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today