Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-24012

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-400 Consumo de recursos no controlado (Agotamiento de recursos)
Fecha de publicación:
06/07/2026
Última modificación:
06/07/2026

Descripción

*** Pendiente de traducción *** Uncontrolled Resource Consumption vulnerability in Apache IoTDB. <br /> <br /> Some interface fails to impose reasonable<br /> limits on the time span and aggregation interval of the query. An attacker<br /> can construct a request with extreme parameters (e.g., a very large time<br /> range combined with a minimal interval). This forces the DataNode to build<br /> an enormous result set in memory, which exhausts the Java heap and causes<br /> the DataNode process to crash.<br /> <br /> This issue affects Apache IoTDB: from 1.3.3 before 2.0.8.<br /> <br /> Users are recommended to upgrade to version 2.0.8, which fixes the issue.

Referencias a soluciones, herramientas e información