CVE-2024-41434 Information

Description

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to ‘RemoveUnnecessaryFirstRow’, which checks the expression between ‘Agg’ and ‘GroupBy’ but does not check the return type.

Reference

https://github.com/pingcap/tidb/issues/53733
https://gist.github.com/ycybfhb/4aa6809695b9e8a1cd1429e597c17517
