=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN404
_____________________________________________________________________

DATE                 : 26/10/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache IoTDB versions prior to
                       0.13.3.

=====================================================================
https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
_____________________________________________________________________

Haonan Hou - Wednesday 26 October 2022 11:42:11 UTC+2

CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP

Severity: low

Description:

Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are
vulnerable to attack by REGEXP queries with Java 8. Users should
upgrade to 0.13.3, which addresses this issue, or use a later version
of Java to avoid it.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================