CVE-2026-40007
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-400
Consumo de recursos no controlado (Agotamiento de recursos)
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026
Descripción
*** Pendiente de traducción *** Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.<br />
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver&#39;s<br />
readLength method calls itself recursively each time it recognises the<br />
E-language prefix in socket data, with no depth limit. An unauthenticated<br />
attacker can send a stream of repeated E-language prefixes that drives the<br />
recursion arbitrarily deep, exhausting the receiver thread&#39;s JVM stack and<br />
raising StackOverflowError.<br />
<br />
<br />
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.<br />
<br />
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA



