Description
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user who can submit SQL queries to crash the server and possibly leak adjacent memory. This issue is fixed in version 3.4.1.14.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user who can submit SQL queries to crash the server and possibly leak adjacent memory. This issue is fixed in version 3.4.1.14. | |
| Title | TDengine: Authenticated Out-of-Bounds Read in SQL Lexer tGetToken | |
| Weaknesses | CWE-125 CWE-126 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T19:28:51.733Z
Reserved: 2026-07-13T21:42:50.096Z
Link: CVE-2026-62353
Updated: 2026-07-15T19:28:18.419Z
No data.
No data.
OpenCVE Enrichment
No data.