CVE-2024-41434

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41434
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type. NOTE: PingCAP disputes this, arguing that reproduction did not cause the security impact of service interruption to other users. They maintain it is a complex query bug in the product but not a DoS.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://gist.github.com/ycybfhb/4aa6809695b9e8a1cd1429e597c17517 Third Party Advisory
https://github.com/pingcap/tidb/issues/53733 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:pingcap:tidb:8.1.0:-:*:*:*:*:*:*
History

04 Sep 2025, 18:48

Type Values Removed Values Added
CPE cpe:2.3:a:pingcap:tidb:8.1.0:-:*:*:*:*:*:*
First Time Pingcap
Pingcap tidb
References () https://gist.github.com/ycybfhb/4aa6809695b9e8a1cd1429e597c17517 - () https://gist.github.com/ycybfhb/4aa6809695b9e8a1cd1429e597c17517 - Third Party Advisory
References () https://github.com/pingcap/tidb/issues/53733 - () https://github.com/pingcap/tidb/issues/53733 - Exploit, Issue Tracking

25 Sep 2024, 21:15

Type Values Removed Values Added
Summary (en) PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type. (en) PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type. NOTE: PingCAP disputes this, arguing that reproduction did not cause the security impact of service interruption to other users. They maintain it is a complex query bug in the product but not a DoS.

04 Sep 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Se descubrió que PingCAP TiDB v8.1.0 contenía un desbordamiento de búfer a través del componente (*Column).GetDecimal. Esto permite a los atacantes provocar una denegación de servicio (DoS) a través de una entrada manipulada para 'RemoveUnnecessaryFirstRow', que comprobará la expresión entre 'Agg' y 'GroupBy', pero no comprobará el tipo de retorno.

03 Sep 2024, 21:35

Type Values Removed Values Added
CWE CWE-400
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3

03 Sep 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-03 20:15

Updated : 2025-09-04 18:48

NVD link : CVE-2024-41434

Mitre link : CVE-2024-41434

CVE.ORG link : CVE-2024-41434

JSON object : View

Products Affected

pingcap

  • tidb
CWE
CWE-400

Uncontrolled Resource Consumption