[CVE ID]
CVE-2024-41433
[PRODUCT]
PingCAP TiDB
[VERSION]
v8.1.0
[PROBLEM TYPE]
buffer overflow
[DESCRIPTION]
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow vulnerability,
which could lead to database crashes and denial-of-service attacks.
The root cause is that the projection in the query execution plan has been pushed down to TiKV, and the schema information is lost.
[Reference]
https://github.com/pingcap/tidb/issues/53796
[FIX]
https://github.com/pingcap/tidb/pull/52836
[Discoverer]
Jiaju Bai, Zixuan Fu, Hongbo Feng, Jianwei Liu