Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <905cde28-c6bf-d936-850d-5eded3812c9d@apache.org>
Date: Fri, 10 Jul 2026 06:30:56 +0000
From: Haonan Hou <haonan@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-40007: Apache IoTDB: Unauthenticated unbounded recursion
 in IoTDB AirGap receiver's E-language prefix parser causes per-connection
 StackOverflowError 

Severity: moderate 

Affected versions:

- Apache IoTDB 1.0.0 before 2.0.10

Description:

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's
readLength method calls itself recursively each time it recognises the
E-language prefix in socket data, with no depth limit. An unauthenticated
attacker can send a stream of repeated E-language prefixes that drives the
recursion arbitrarily deep, exhausting the receiver thread's JVM stack and
raising StackOverflowError.


This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.

Users are recommended to upgrade to version 2.0.10, which fixes the issue.

Credit:

bugbunny.ai (finder)

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-40007

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.