CVE-2025-6536: 
Linux Debian vulnerability analysis and mitigation

A vulnerability has been identified in Tarantool versions up to 3.3.1, assigned CVE-2025-6536. The issue affects the tmtodatetime function in the library src/lib/core/datetime.c. The vulnerability was discovered on April 5, 2025, and involves a reachable assertion condition that can be triggered through local access (NVD, Wiz).

The vulnerability specifically involves a reachable assertion in the tmtodatetime function located in src/lib/core/datetime.c. The assertion 'mday >= 1 && mday <= 31' at line 150 can fail when processing certain input values. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (MEDIUM) with the vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 3.3 (LOW) (NVD, GitHub Issue).

When exploited, this vulnerability can lead to a denial of service condition through an assertion failure. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (Wiz).

No official patch or mitigation has been publicly announced yet. The vulnerability affects Tarantool versions up to 3.3.1 (Wiz).