CNNVD-202507-2893 Information

CNNVD ID

CNNVD-202507-2893

Related CVE

CVE-2025-35966

• CNNVD Published: 2025-07-22

Description (Chinese)

Bloomberg Comdb2是Bloomberg开源的一款分布式关系数据库管理系统。 Bloomberg Comdb2 8.1版本存在代码问题漏洞，该漏洞源于CDB2SQLQUERY协议缓冲区消息处理中存在空指针取消引用，可能导致拒绝服务。

Description (English)

Bloomberg Comdb2 is a distributed relationship database management system for Bloomberg ’ s open source. Version 8.1 of Bloomberg Comdb2 has a code problem loophole, which stems from the absence of an empty pointer to cancel references in the message processing of the CDB2SQLQUERY buffer zone, which may lead to the denial of services.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Bloomberg

Published

2025-07-22

Last Modified

2026-02-24

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2201 https://nvd.nist.gov/vuln/detail/CVE-2025-35966 https://access.redhat.com/security/cve/cve-2025-35966

Patch

https://github.com/bloomberg/comdb2/tags