Tarantool Assertion Vulnerability in DateTime Handling

Vulnerability

A vulnerability exists in Tarantool versions through 3.3.1, specifically within the 'tm_to_datetime' function of the 'src/lib/core/datetime.c' file. The issue arises from improper input handling: a caller-supplied value that the function does not validate reaches an assertion, and the failed assertion terminates the process. Exploitation requires local access.

Impact

Exploitation of this vulnerability triggers an assertion failure, causing the application to crash. This behavior disrupts normal operations and can be classified as a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling Tarantool with fuzzing enabled, using Clang as the compiler. After building, the 'datetime_strptime_fuzzer' target can be run against the 'tm_to_datetime' function; a specially crafted input reaches the assertion and aborts the process.
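The defect class described above, an assertion that malformed input can reach, is illustrated below with an added example that is not Tarantool's code: 'tm_to_epoch_unchecked' stands in for a converter that only guards its struct tm fields with assert(), and 'tm_validate' / 'tm_to_epoch_checked' show the hardening, which rejects out-of-range fields with an error code instead of aborting. The function names, the 'epoch_secs_t' type and the sample dates are assumptions constructed for this example; the day-count arithmetic is Hinnant's days_from_civil algorithm.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Seconds since the Unix epoch, UTC. Hypothetical type, not Tarantool's. */
typedef int64_t epoch_secs_t;

static bool is_leap(int year)
{
	return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Length of a month; month is 0-based as in struct tm. */
static int days_in_month(int year, int month)
{
	static const int len[12] = {31, 28, 31, 30, 31, 30,
				    31, 31, 30, 31, 30, 31};
	return (month == 1 && is_leap(year)) ? 29 : len[month];
}

/* Days from 1970-01-01 for a proleptic Gregorian date (Hinnant's
 * days_from_civil); month is 1-based here. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
	y -= m <= 2;
	int64_t era = (y >= 0 ? y : y - 399) / 400;
	int64_t yoe = y - era * 400;
	int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
	int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
	return era * 146097 + doe - 719468;
}

/* "Before" pattern: range violations are caught only by assert(), which
 * aborts the process in a debug or fuzzing build and is compiled out in
 * release builds, so malformed input either crashes or is silently used. */
epoch_secs_t tm_to_epoch_unchecked(const struct tm *tm)
{
	assert(tm->tm_mon >= 0 && tm->tm_mon < 12);
	assert(tm->tm_mday >= 1 &&
	       tm->tm_mday <= days_in_month(tm->tm_year + 1900, tm->tm_mon));
	int64_t days = days_from_civil(tm->tm_year + 1900, tm->tm_mon + 1,
				       tm->tm_mday);
	return days * 86400 + tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
}

/* "After" pattern: validate every field of the caller-supplied struct tm
 * and report a recoverable error (-1) instead of asserting. */
int tm_validate(const struct tm *tm)
{
	if (tm->tm_mon < 0 || tm->tm_mon > 11)
		return -1;
	int year = tm->tm_year + 1900;
	if (tm->tm_mday < 1 || tm->tm_mday > days_in_month(year, tm->tm_mon))
		return -1;
	if (tm->tm_hour < 0 || tm->tm_hour > 23)
		return -1;
	if (tm->tm_min < 0 || tm->tm_min > 59)
		return -1;
	if (tm->tm_sec < 0 || tm->tm_sec > 60)	/* 60 allows a leap second */
		return -1;
	return 0;
}

/* Returns 0 and stores the epoch time on success, -1 on invalid input.
 * The assert() preconditions of the unchecked converter now always hold. */
int tm_to_epoch_checked(const struct tm *tm, epoch_secs_t *out)
{
	if (tm_validate(tm) != 0)
		return -1;
	*out = tm_to_epoch_unchecked(tm);
	return 0;
}

int main(void)
{
	/* Constructed sample dates: one valid, one with a nonexistent day. */
	struct tm ok = { .tm_year = 125, .tm_mon = 5, .tm_mday = 24,
			 .tm_hour = 2, .tm_min = 34 };
	struct tm bad = { .tm_year = 125, .tm_mon = 1, .tm_mday = 30 };
	epoch_secs_t t;
	if (tm_to_epoch_checked(&ok, &t) == 0)
		printf("2025-06-24 02:34:00 UTC -> %lld\n", (long long)t);
	if (tm_to_epoch_checked(&bad, &t) != 0)
		printf("2025-02-30 rejected without aborting\n");
	return 0;
}
```

Built with assertions enabled (as a fuzzing build is), feeding the 'bad' date to 'tm_to_epoch_unchecked' would abort the whole process; the checked wrapper turns the same input into an error the caller can handle, which is the property a fuzz target such as the one named above would verify.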

Added: Jun 24, 2025, 2:34 AM
Updated: Jun 24, 2025, 2:34 AM

Vulnerability Rating

Custom Algorithm

  spread          4.5
  impact          2.5
  exploitability  4.8
  remediation     0.0
  relevance       0.2
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.