Описание
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability.
Ссылки
- Third Party Advisory
- ExploitIssue Tracking
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pingcap:tidb:8.1.0:-:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00132
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-120
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
EPSS
Процентиль: 33%
0.00132
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-120