{"id":29587,"date":"2025-09-22T05:55:13","date_gmt":"2025-09-22T12:55:13","guid":{"rendered":"https:\/\/www.pingcap.com\/?page_id=29587"},"modified":"2025-09-22T23:43:13","modified_gmt":"2025-09-23T06:43:13","slug":"tidb-vulnerability-disclosure","status":"publish","type":"page","link":"https:\/\/www.pingcap.com\/ko\/security\/tidb-vulnerability-disclosure\/","title":{"rendered":"TiDB Vulnerability Disclosure"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"","protected":false},"author":178,"featured_media":0,"parent":7569,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ub_ctt_via":""},"class_list":["post-29587","page","type-page","status-publish","hentry"],"acf":[],"featured_image_src":null,"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TiDB Vulnerability Disclosure | TiDB<\/title>\n<meta name=\"description\" content=\"Review disclosed and resolved vulnerabilities in TiDB. Stay informed on security fixes and our commitment to keeping TiDB deployments secure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pingcap.com\/ko\/security\/tidb-vulnerability-disclosure\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TiDB Vulnerability Disclosure | TiDB\" \/>\n<meta property=\"og:description\" content=\"Review disclosed and resolved vulnerabilities in TiDB. 
Stay informed on security fixes and our commitment to keeping TiDB deployments secure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pingcap.com\/ko\/security\/tidb-vulnerability-disclosure\/\" \/>\n<meta property=\"og:site_name\" content=\"TiDB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/pingcap2015\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-23T06:43:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/static.pingcap.com\/files\/2024\/09\/11005522\/Homepage-Ad.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"714\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@PingCAP\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/\",\"url\":\"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/\",\"name\":\"TiDB Vulnerability Disclosure | TiDB\",\"isPartOf\":{\"@id\":\"https:\/\/www.pingcap.com\/#website\"},\"datePublished\":\"2025-09-22T12:55:13+00:00\",\"dateModified\":\"2025-09-23T06:43:13+00:00\",\"description\":\"Review disclosed and resolved vulnerabilities in TiDB. 
Stay informed on security fixes and our commitment to keeping TiDB deployments secure.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.pingcap.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Vulnerabilities Guidelines\",\"item\":\"https:\/\/www.pingcap.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"TiDB Vulnerability Disclosure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.pingcap.com\/#website\",\"url\":\"https:\/\/www.pingcap.com\/\",\"name\":\"TiDB\",\"description\":\"TiDB | SQL at Scale\",\"publisher\":{\"@id\":\"https:\/\/www.pingcap.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.pingcap.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.pingcap.com\/#organization\",\"name\":\"PingCAP\",\"url\":\"https:\/\/www.pingcap.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"contentUrl\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"width\":811,\"height\":232,\"caption\":\"PingCAP\"},\"image\":{\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/pingcap2015\",\"https:\/\/x.com\/Ping
CAP\",\"https:\/\/linkedin.com\/company\/pingcap\",\"https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TiDB Vulnerability Disclosure | TiDB","description":"Review disclosed and resolved vulnerabilities in TiDB. Stay informed on security fixes and our commitment to keeping TiDB deployments secure.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pingcap.com\/ko\/security\/tidb-vulnerability-disclosure\/","og_locale":"ko_KR","og_type":"article","og_title":"TiDB Vulnerability Disclosure | TiDB","og_description":"Review disclosed and resolved vulnerabilities in TiDB. Stay informed on security fixes and our commitment to keeping TiDB deployments secure.","og_url":"https:\/\/www.pingcap.com\/ko\/security\/tidb-vulnerability-disclosure\/","og_site_name":"TiDB","article_publisher":"https:\/\/facebook.com\/pingcap2015","article_modified_time":"2025-09-23T06:43:13+00:00","og_image":[{"width":1440,"height":714,"url":"https:\/\/static.pingcap.com\/files\/2024\/09\/11005522\/Homepage-Ad.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@PingCAP","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/","url":"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/","name":"TiDB Vulnerability Disclosure | TiDB","isPartOf":{"@id":"https:\/\/www.pingcap.com\/#website"},"datePublished":"2025-09-22T12:55:13+00:00","dateModified":"2025-09-23T06:43:13+00:00","description":"Review disclosed and resolved vulnerabilities in TiDB. 
Stay informed on security fixes and our commitment to keeping TiDB deployments secure.","breadcrumb":{"@id":"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.pingcap.com\/security\/tidb-vulnerability-disclosure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pingcap.com\/"},{"@type":"ListItem","position":2,"name":"Security Vulnerabilities Guidelines","item":"https:\/\/www.pingcap.com\/security\/"},{"@type":"ListItem","position":3,"name":"TiDB Vulnerability Disclosure"}]},{"@type":"WebSite","@id":"https:\/\/www.pingcap.com\/#website","url":"https:\/\/www.pingcap.com\/","name":"\ud2f0DB","description":"TiDB | SQL at Scale","publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pingcap.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.pingcap.com\/#organization","name":"PingCAP","url":"https:\/\/www.pingcap.com\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/","url":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","width":811,"height":232,"caption":"PingCAP"},"image":{"@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/pingcap2015","https:\/\/x.com\/PingCAP","https:\/\/linkedin.com\/company\/pingcap","https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA"]}]}},"grav_blocks":[{"acf_fc_layout":"columns","format":"","enable_box_co
ntainer":false,"column_num":"12","columns":[{"type":"wysiwyg","wysiwyg":"<h3 style=\"text-align: center;\">Disclosure of Fixed Vulnerabilities<\/h3>\n<div class=\"table\" style=\"overflow-y: auto;\" data-page-id=\"doxcnhVRb1H7he0CKyMI7j5s1Le\" data-docx-has-block-data=\"true\">\n<table class=\"ace-table\" style=\"width: 101.584%; height: 1410px;\" data-ace-table-col-widths=\"212;176;278;134;134;299\">\n<colgroup>\n<col width=\"212\" \/>\n<col width=\"176\" \/>\n<col width=\"278\" \/>\n<col width=\"134\" \/>\n<col width=\"134\" \/>\n<col width=\"299\" \/><\/colgroup>\n<tbody>\n<tr style=\"height: 69px;\">\n<td style=\"width: 24.3869%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcne48W6yq0MiwkMTbbiVkH8c\"><strong>Vulnerability name<\/strong><\/div>\n<\/td>\n<td style=\"width: 13.2153%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcneimWO6YOsGIYkt9umElxme\"><strong>Affected <\/strong><strong>c<\/strong><strong>omponent <\/strong><\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnCyosMECACMOuKPu1VxH4gb\"><strong>Publish Time<\/strong><\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnCyosMECACMOuKPu1VxH4gb\"><strong>CVE<\/strong><\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnCyosMECACMOuKPu1VxH4gb\"><strong>CVSS<\/strong><\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnQSKg0w64A8GiIpbIfqWVJd\"><strong>Affected v<\/strong><strong>ersion<\/strong><\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnQoqCKgAa66wcmehuyXZTTf\"><strong>Fixed version<\/strong><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 69px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnIG8CeuWyQ6e4m6OHfx2oRg\"><strong>I<\/strong><strong>ssue<\/strong><strong> 
description<\/strong><\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 24.3869%;\">Buffer Handling Bug in <code>(*Column).GetDecimal<\/code> Causing Query Failure<\/td>\n<td style=\"width: 13.2153%;\">TiDB Server<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">\n<p>09\/03\/2024<\/p>\n<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41434\">CVE-2024-41434<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a4.3 =&gt; Medium severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&lt;= 8.1.0<br \/>\n&lt;= 7.5.3<br \/>\n&lt;= 7.1.5<\/div>\n<\/td>\n<td style=\"width: 17.3953%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\">&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v8.1.1\">8.1.1<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.5.4\">7.5.4<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.1.6\">7.1.6<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\n<p>A potential buffer overflow was reported in the <code>(*Column).GetDecimal<\/code> component. This issue can cause a single query to fail when using <code>RemoveUnnecessaryFirstRow<\/code>, as it checks expressions between <code>Agg<\/code> and <code>GroupBy<\/code> without validating the return type. This does not result in a Denial of Service (DoS) for other users. 
The impact is limited to the failing query and reflects a complex query handling bug rather than a service-wide disruption.<\/p>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 24.3869%;\">TiDB <code>ExplainExpressionList<\/code> buffer overflow classified as query bug<\/td>\n<td style=\"width: 13.2153%;\">TiDB Server<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">09\/03\/2024<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41433\">CVE-2024-41433<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a9.8 =&gt; Critical severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">8.1.0<br \/>\n&lt;= 7.5.2<br \/>\n&lt;= 7.1.5<br \/>\n&lt;= 6.5.10<\/div>\n<\/td>\n<td style=\"width: 17.3953%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\">&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v8.1.1\">8.1.1<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.5.3\">7.5.3<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.1.6\">7.1.6<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v6.5.11\">6.5.11<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\n<p>A buffer overflow was identified in TiDB\u2019s <code>expression.ExplainExpressionList<\/code> component. While it appeared that a crafted input might cause a Denial of Service (DoS), PingCAP\u2019s analysis confirmed that the issue does not lead to service interruption or broader security risks. 
Instead, it is classified as a complex query bug rather than a DoS vulnerability.<\/p>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 24.3869%;\">Nil Pointer Dereference in TiDB <code>expression.inferCollation<\/code><\/td>\n<td style=\"width: 13.2153%;\">TiDB Server<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">06\/25\/2024<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-37820\">CVE-2024-37820<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a5.4 =&gt; Medium severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&lt;= 8.1.0<br \/>\n&lt;= 7.5.2<br \/>\n&lt;= 7.1.5<br \/>\n&lt;= 6.5.9<\/div>\n<\/td>\n<td style=\"width: 17.3953%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\">&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v8.1.1\">8.1.1<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.5.3\">7.5.3<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.1.6\">7.1.6<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v6.5.10\">6.5.10<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\n<p>A nil pointer dereference was discovered in TiDB within the <code>expression.inferCollation<\/code> function. 
This issue may cause specific SQL statements to return errors, but it does not impact other connections or users, nor does it result in a denial-of-service condition.<\/p>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 24.3869%;\">NULL Pointer Dereference in TiDB <code>SortedRowContainer<\/code><\/td>\n<td style=\"width: 13.2153%;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">05\/24\/2024<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-35618\">CVE-2024-35618<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a7.5 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&lt;= 7.5.1<br \/>\n&lt;= 7.1.5<br \/>\n&lt;= 6.5.9<\/div>\n<\/td>\n<td style=\"width: 17.3953%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\">&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v8.1.0\">8.1.0<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.5.2\">7.5.2<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.1.6\">7.1.6<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v6.5.10\">6.5.10<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\n<p>A NULL pointer dereference was discovered in TiDB within the <code>SortedRowContainer<\/code> component. 
This issue may cause a single query to fail and the corresponding session to disconnect, but it does not affect other connections or users.<\/p>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 141px;\">\n<td style=\"width: 24.3869%; height: 141px;\">Buffer Overflow in TiDB Leading to Single Connection Crash<\/td>\n<td style=\"width: 13.2153%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">05\/24\/2024<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-33809\">CVE-2024-33809<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a6.5 =&gt; Medium severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&lt;= 7.5.0<br \/>\n&lt;= 7.1.3<\/div>\n<div><\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\">&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.5.1\">7.5.1<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v7.1.4\">7.1.4<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v8.0.0\">8.0.0<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\n<p>A buffer overflow vulnerability was discovered in TiDB, which could cause a single user connection to crash. 
The client can automatically reconnect by resending the command, and this issue does not affect other users or lead to a broader denial-of-service condition.<\/p>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 141px;\">\n<td style=\"width: 24.3869%; height: 141px;\">SSRF Vulnerability in TiDB Dashboard<\/td>\n<td style=\"width: 13.2153%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiDB Dashboard<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">\n<p>07\/31\/2023<\/p>\n<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">N\/A<\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score\uff1a7.3 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">7.2.0-DMR<br \/>\n7.3.0-DMR<br \/>\n&lt;= 6.5.3<br \/>\n&lt;= 7.1.1<\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\"><a href=\"https:\/\/github.com\/tikv\/pd\/releases\/tag\/v7.4.0\">7.4.0<\/a>-DMR<br \/>\n&gt;= <a href=\"https:\/\/github.com\/tikv\/pd\/releases\/tag\/v6.5.4\">6.5.4<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/tikv\/pd\/releases\/tag\/v7.1.2\">7.1.2<\/a><br \/>\n&gt;= <a href=\"https:\/\/github.com\/tikv\/pd\/releases\/tag\/v7.5.0\">7.5.0<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">In certain versions, the TiDB Dashboard component may, after cluster startup, allow local port status to be inferred through internal debugging-related interfaces, which could result in an information disclosure risk.<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td 
style=\"width: 24.3869%;\">TiFlash opens redundant ports<\/td>\n<td style=\"width: 13.2153%;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiFlash Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">06\/19\/2023<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">N\/A<\/div>\n<\/td>\n<td style=\"width: 2.76292%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3<br \/>\nscore: 8.6 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&gt;=4.0.0 &amp; &lt;7.1.0<\/div>\n<\/td>\n<td style=\"width: 17.3953%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\"><a href=\"https:\/\/github.com\/pingcap\/tiflash\/releases\/tag\/v7.1.0\">7.1.0<\/a>\uff08TiUP&gt;=v1.12.5 or TiDB Operator &gt;= v1.5.0\uff09<\/div>\n<\/td>\n<td style=\"width: 24.0216%;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">\u00a0In certain versions, the component opens an internal TCP communication port after startup. 
This port does not enforce strict access control or authentication, which under specific conditions may allow unauthorized access and potentially lead to data being queried or modified.<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 141px;\">\n<td style=\"width: 24.3869%; height: 141px;\">TiDB DSN injection<\/td>\n<td style=\"width: 13.2153%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">11\/04\/2022<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-3023\">CVE-2022-3023<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3<br \/>\nscore: 9.8 =&gt; Critical severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">&lt;= 6.1.2<\/div>\n<div>&gt;= 6.2.0 &amp; &lt;= 6.4.0-alpha1<\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v6.1.3\">6.1.3<\/a><\/div>\n<div><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v6.4.0\">6.4.0<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">TiDB server (importer CLI tool) prior to version 6.4.0 &amp; 6.1.3 is vulnerable to data source name injection. 
The database name used for generating and inserting data into a database is taken from user input without proper sanitization, which can lead to arbitrary file reads.<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 141px;\">\n<td style=\"width: 24.3869%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn4QCeSUeUMekKM3WdNgq1Of\">TiDB authentication bypass vulnerability<\/div>\n<\/td>\n<td style=\"width: 13.2153%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0YQMU0mwAsOOYZlc7eN4He\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">05\/31\/2022<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-31011\">CVE-2022-31011<\/a><\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnE6ygiWaUWUmIotyJuUXNdf\">CVSS v3 score: 8.4 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnqkiageimCSqeKyB2VRMrre\">5.3.0<\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngEemKyWQqYoIuMWpy1VASe\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v5.3.1\">5.3.1<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 141px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngmkysWkAWsOIAFdhEP0y4d\">Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. 
Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP address cannot be logged in as both root and a normal user at the same time.<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 165px;\">\n<td style=\"width: 24.3869%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnKcq84IEu2EmsWABH18gojg\">TiDB DML SQL execution vulnerability<\/div>\n<\/td>\n<td style=\"width: 13.2153%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnu8SSKMeWkUiiA3uFYjHALc\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnkMicUSi2wceK8xQFTGzIEg\">09\/27\/2021<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnkMicUSi2wceK8xQFTGzIEg\">N\/A<\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnkMicUSi2wceK8xQFTGzIEg\">CVSS v3 score: 8.2 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnKokGioWiqCigX3EjNOOCGq\">&lt;=4.0.14<\/div>\n<div class=\"ace-line ace-line old-record-id-doxcniIY86OaOekSs0C5rNTUpse\">&lt;=5.0.3<\/div>\n<div class=\"ace-line ace-line old-record-id-doxcnKYcWUsCue2KmaEjYfFcGKc\">&lt;=5.1.1<\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcn0OyuUwIIuWwcqWQTVUsrKe\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v4.0.15\">4.0.15<\/a><\/div>\n<div class=\"ace-line ace-line old-record-id-doxcnAwYe0U000yeaCIiVyaUYWc\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v5.0.4\">5.0.4<\/a><\/div>\n<div class=\"ace-line ace-line old-record-id-doxcnsUqkOA4MuWICgvZN0nyvZc\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v5.1.2\">5.1.2<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 165px;\">\n<div 
class=\"ace-line ace-line old-record-id-doxcnwq2u8mYAu8sWmm9KRRcN2d\">There is a SQL injection vulnerability in the TiDB http status service, through which an attacker can gain database permissions.<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 165px;\">\n<td style=\"width: 24.3869%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcngsey0IWoGUsscD4crMUzPe\">TiDB caching_sha2_password bypasses password authentication login<\/div>\n<\/td>\n<td style=\"width: 13.2153%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnmyyQUGsys0GsaMdDxX8jmd\">TiDB Server<\/div>\n<\/td>\n<td style=\"width: 1.59948%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnSik28mScsGEYyO8auwkzrc\">09\/29\/2020<\/div>\n<\/td>\n<td style=\"width: 5.10564%;\">\n<div class=\"ace-line ace-line old-record-id-doxcnSik28mScsGEYyO8auwkzrc\">N\/A<\/div>\n<\/td>\n<td style=\"width: 2.76292%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnSik28mScsGEYyO8auwkzrc\">CVSS v3 score: 7.6 =&gt; High severity<\/div>\n<\/td>\n<td style=\"width: 9.80926%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnIKwKMAUeqaAm0yZFTVKayc\">&lt;=4.0.6<\/div>\n<\/td>\n<td style=\"width: 17.3953%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnuYwGaOQgqyUiEZBgVv6Z8Z\"><a href=\"https:\/\/github.com\/pingcap\/tidb\/releases\/tag\/v4.0.7\">4.0.7<\/a><\/div>\n<\/td>\n<td style=\"width: 24.0216%; height: 165px;\">\n<div class=\"ace-line ace-line old-record-id-doxcnIUwOgQOwgmS0Uj3EFVScZc\">Under certain conditions, users can bypass the authentication mechanism of caching_sha2_password to log in to 
TiDB.<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","accordion_column_title":"","accordion_sections":false,"video_image":false,"video_url":"","video_content":""}],"block_background":"block-bg-none","block_background_video_type":"url","block_background_video_url":"","block_background_video_file":false,"block_background_image":false,"block_background_overlay":false,"unique_id":"","block_option_custom_class":"","block_option_padding":[],"block_option_hide":[],"block_add_top_arc":false,"block_increase_bottom_padding":false}],"_links":{"self":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/comments?post=29587"}],"version-history":[{"count":24,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29587\/revisions"}],"predecessor-version":[{"id":29638,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29587\/revisions\/29638"}],"up":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/7569"}],"wp:attachment":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media?parent=29587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}