CVE-2026-24012
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-400
Consumo de recursos no controlado (Agotamiento de recursos)
Fecha de publicación:
06/07/2026
Última modificación:
06/07/2026
Descripción
*** Pendiente de traducción *** Uncontrolled Resource Consumption vulnerability in Apache IoTDB. <br />
<br />
Some interface fails to impose reasonable<br />
limits on the time span and aggregation interval of the query. An attacker<br />
can construct a request with extreme parameters (e.g., a very large time<br />
range combined with a minimal interval). This forces the DataNode to build<br />
an enormous result set in memory, which exhausts the Java heap and causes<br />
the DataNode process to crash.<br />
<br />
This issue affects Apache IoTDB: from 1.3.3 before 2.0.8.<br />
<br />
Users are recommended to upgrade to version 2.0.8, which fixes the issue.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA



