CVE-2025-35966

High CVSS: 7.5

A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Vendor

Bloomberg

Product

Comdb2

CWE

CWE-476

Yayın Tarihi

2025-07-22 16:15:26

Güncelleme

2025-11-03 20:18:30

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-476 Comdb2 HIGH Bloomberg 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2201 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2201 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2201

Benzer Kayıtlar

Low

CVE-2026-32722

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process…

High

CVE-2025-46354

A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomber…

High

CVE-2025-48498

A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when pr…

High

CVE-2025-36512

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction he…

High

CVE-2025-36520

A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg…