Tidb
CVE-2024-33809
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks.
AnalysisAI
PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. Affected products include: Pingcap Tidb.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. Rate
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerabi
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. Rated critical sever
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. Rated medium sev
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Ra
PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. Rated hig
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today