Lucene search
K

7 matches found

CVE
CVE
added 2024/05/24 2:53 p.m.122 views

CVE-2024-33809

PingCAP TiDB v7.5.1 is affected by a buffer overflow vulnerability. The issue arises from reading a string from a column while the offset field in the column is not initialized, which can lead to database crashes and denial of service. The CVE entry notes a vulnerability in TiDB’s handling of col...

6.5CVSS7.6AI score0.00426EPSS
CVE
CVE
added 2024/05/24 2:50 p.m.80 views

CVE-2024-35618

CVE-2024-35618 : PingCAP TiDB v7.5.1 contains a NULL pointer dereference in the SortedRowContainer component. The CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vector, NO user interaction, and availability impact. The provided documents confirm the affected product/version and the underly...

7.5CVSS7.2AI score0.00412EPSS
CVE
CVE
added 2022/05/31 7:30 p.m.78 views

CVE-2022-31011

Summary: CVE-2022-31011 affects PingCAP TiDB HTAP database. Under certain conditions, an attacker can craft malicious authentication requests to bypass authentication, causing privilege escalation or unauthorized access. The vulnerability specifically impacts TiDB 5.3.0; a patch is available in T...

7.8CVSS7.8AI score0.00311EPSS
CVE
CVE
added 2024/09/03 12:0 a.m.69 views

CVE-2024-41434

PingCAP TiDB v8.1.0 is affected by a buffer overflow in the (*Column).GetDecimal path that can enable a Denial of Service via crafted input to RemoveUnnecessaryFirstRow. The issue arises because the code checks the expression between Agg and GroupBy but does not verify the return type. PingCAP di...

4.3CVSS5.1AI score0.00414EPSS
CVE
CVE
added 2022/08/03 1:49 a.m.64 views

CVE-2022-34969

CVE-2022-34969 concerns PingCAP TiDB v6.1.0, where a NULL pointer dereference in TiDB is confirmed by multiple sources. The CVE entry documents the issue as a NULL pointer dereference with a high impact on availability (NVD: CVSSv3.1 base 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Several connect...

7.5CVSS7.5AI score0.00776EPSS
CVE
CVE
added 2022/11/04 12:0 a.m.63 views

CVE-2022-3023

The CVE-2022-3023 entry relates to a vulnerability in the PingCAP TiDB server where an externally controlled format string is used, affecting TiDB and specifically versions prior to 6.4.0 and prior to 6.1.3. The issue is described as a format-string vulnerability that can lead to unintended behav...

9.8CVSS6.8AI score0.00562EPSS
CVE
CVE
added 2024/09/03 12:0 a.m.57 views

CVE-2024-41433

CVE-2024-41433 affects PingCAP TiDB 8.1.0, with a buffer overflow in the component expression.ExplainExpressionList. The vulnerability could allow an attacker to induce a Denial of Service via crafted input. PingCAP notes that the reproduced issue did not cause service interruption for other user...

9.8CVSS9.5AI score0.00569EPSS