CVE-2026-42542— TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42542
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
Source: NVD (National Vulnerability Database)
Vulnerability Description
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数下溢(超界折返)
Source: NVD (National Vulnerability Database)
Vulnerability Title
TDengine 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TDengine是TDengine公司的一款开源、高性能、云原生时间序列数据库。 TDengine 3.4.0.0版本至3.4.1.5版本存在数字错误漏洞,该漏洞源于未经验证的远程攻击者发送单个特制RPC数据包,可能导致taosd服务器进程崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-42542
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42542
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-42542 (1)
Vendor Pages for CVE-2026-42542 (1)
- 🔗 Release 3.4.1.6 · taosdata/TDengine · GitHubx_refsource_MISC
IV. Related Vulnerabilities
Same weakness: CWE-191
- CVE-2026-30803
Integer Underflow (Wrap or Wraparound) vulnerability in RTI - CVE-2026-54413
driftregion iso14229 缓冲区错误漏洞 - CVE-2026-11850
Krb5: krb5: integer underflow in berval2tl_data() leads to h - CVE-2026-42981
Windows Performance Monitor Remote Code Execution Vulnerabil - CVE-2026-42980
NT OS Kernel Elevation of Privilege Vulnerability
V. Comments for CVE-2026-42542
No comments yet