CVE-2024-37820: PingCAP TiDB nil pointer dereference

June 25, 2024 (updated November 21, 2024)

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.

References

gist.github.com/ycybfhb/a9c1e14ce281f2f553adca84d384b761
github.com/advisories/GHSA-9g6g-xqv5-8g5w
github.com/pingcap/tidb
github.com/pingcap/tidb/commit/3d68bd21240c610c6307713e2bd54a5e71c32608
github.com/pingcap/tidb/issues/53580
nvd.nist.gov/vuln/detail/CVE-2024-37820

Detect and mitigate CVE-2024-37820 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →