Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities


Update Information

Title: Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities
Update ID: TALOSBLOG:72995AAF69DEDF0ECD3B0D7B55B1C5E3
Type: talosblog
Published: 2025-07-24T14:03:31
Last Updated: 2025-07-24T14:03:31

Security Impact

CVSS Score: 7.5
Severity: HIGH

Affected CVEs

  • CVE-2025-35966
  • CVE-2025-36512
  • CVE-2025-36520
  • CVE-2025-46354
  • CVE-2025-48498

Update Details

![Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities](https://blog.talosintelligence.com/content/images/2025/07/vuln-roundup-1.webp)

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.

Comdb2 is an open-source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation, and its implementation uses optimistic locking for concurrent operation.

The vulnerabilities mentioned in this blog post have been patched by the vendor, all in adherence to Cisco's third-party vulnerability disclosure policy.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence's website.

## Comdb2 vulnerabilities

_Discovered by a member of Cisco Talos._

Three null pointer dereference vulnerabilities exist in Bloomberg Comdb2 8.1. Two of them, TALOS-2025-2197 (CVE-2025-36520) and TALOS-2025-2201 (CVE-2025-35966), are in protocol buffer message handling and can lead to denial of service: an attacker can simply connect to a database instance over TCP and send a crafted message to trigger the vulnerability. The third, TALOS-2025-2199 (CVE-2025-48498), is in the distributed transaction component, where a specially crafted network packet can lead to a denial of service; an attacker can send packets to trigger this vulnerability.

There are also two denial-of-service vulnerabilities:

* TALOS-2025-2198 (CVE-2025-46354) exists in the distributed transaction commit/abort operation of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service; an attacker can send a malicious packet to trigger this vulnerability.
* TALOS-2025-2200 (CVE-2025-36512) exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service; an attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.
