CVE-2025-48498

High CVSS: 7.5

A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Vendor

Bloomberg

Product

Comdb2

CWE

CWE-476

Yayın Tarihi

2025-07-22 16:15:29

Güncelleme

2025-11-03 20:19:07

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-476 Comdb2 HIGH Bloomberg 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2199 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2199 https://talosintelligence.com/vulnerability_reports/TALOS-2025-2199

Benzer Kayıtlar

Low

CVE-2026-32722

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process…

High

CVE-2025-46354

A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomber…

High

CVE-2025-36512

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction he…

High

CVE-2025-36520

A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg…

High

CVE-2025-35966

A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2…