High severity 7.5 · NVD Advisory · Published Oct 26, 2022 · Updated Jun 17, 2026
CVE-2022-43766
Description
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.iotdb:flink-tsfile-connector (Maven) | >= 0.12.2, < 0.13.3 | 0.13.3 |
| apache-iotdb (PyPI) | >= 0.12.2, < 0.13.3 | 0.13.3 |
| org.apache.iotdb:iotdb-server (Maven) | >= 0.12.2, < 0.13.3 | 0.13.3 |
| org.apache.iotdb:tsfile (Maven) | >= 0.12.2, < 0.13.3 | 0.13.3 |
Affected products
- ghsa-coords (4 versions): pkg:maven/org.apache.iotdb/flink-tsfile-connector, pkg:maven/org.apache.iotdb/iotdb-server, pkg:maven/org.apache.iotdb/tsfile, pkg:pypi/apache-iotdb (range: >= 0.12.2, < 0.13.3)
- (no CPE) range: >= 0.12.2, < 0.13.3
- (no CPE) range: >= 0.12.2, < 0.13.3
- (no CPE) range: >= 0.12.2, < 0.13.3
- (no CPE) range: >= 0.12.2, < 0.13.3
- Apache Software Foundation/Apache IoTDB (v5), range: unspecified
References
- github.com/advisories/GHSA-g6hg-4v3c-6jq7 (ghsa, ADVISORY)
- lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn (nvd, Mailing List, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2022-43766 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2022-42972.yaml (ghsa, WEB)