{"id":82047,"date":"2026-07-15T22:48:38","date_gmt":"2026-07-15T19:18:38","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-62353-tdengine-authenticated-out-of-bounds-read-in-sql-lexer-tgettoken\/"},"modified":"2026-07-15T22:48:38","modified_gmt":"2026-07-15T19:18:38","slug":"cve-2026-62353-tdengine-authenticated-out-of-bounds-read-in-sql-lexer-tgettoken","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-62353-tdengine-authenticated-out-of-bounds-read-in-sql-lexer-tgettoken\/","title":{"rendered":"CVE-2026-62353 &#8211; TDengine: Authenticated Out-of-Bounds Read in SQL Lexer tGetToken"},"content":{"rendered":"<p>CVE ID :CVE-2026-62353<\/p>\n<p>  Published : July 15, 2026, 7:18 p.m. | 15\u00a0minutes ago<\/p>\n<p>  Description :TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source\/libs\/parser\/src\/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as &#8216;abc and read one byte beyond the null terminator, allowing an authenticated user who can submit SQL queries to crash the server and possibly leak adjacent memory. This issue is fixed in version 3.4.1.14.<\/p>\n<p>  Severity: 5.4 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-62353 Published : July 15, 2026, 7:18 p.m. | 15\u00a0minutes ago Description :TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source\/libs\/parser\/src\/parTokenizer.c tGetToken() incremented past a trailing backslash in a SQL string literal such as &#8216;abc and read one byte beyond the null terminator, allowing an authenticated user &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-82047","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=82047"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82047\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=82047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=82047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=82047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}