CVE-2024-37820: PingCAP TiDB nil pointer dereference

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.4069%
Published: 6/25/2024
Updated: 11/27/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/pingcap/tidb | go | < 8.2.0 | 8.2.0 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The key vulnerability stems from the `ColumnSubstituteImpl` function's handling of `NewFunctionInternal` calls. The original code (vulnerable version) directly returned `NewFunctionInternal` without error checking. The patch replaces this with `NewFunction` with error handling, indicating that the nil return from failed function creation was the root cause. The stack trace shows the panic occurs in `inferCollation()` when processing expressions substituted by this function. The commit specifically addresses this code path by adding error propagation to prevent nil values from being used in subsequent operations.
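The pattern described above, reduced to a minimal Go model (an added example, not TiDB's code): an error-discarding constructor lets a nil expression reach a function that dereferences it, while the checked variant propagates the error. The `Expr` type, the lowercase function names and the collation-mismatch failure condition are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Expr is a simplified stand-in for an expression node (hypothetical, not TiDB's type).
type Expr struct{ Collation string }

// newFunc is the checked constructor: failure comes back as an error.
// The failure condition (mismatched collations) is assumed for illustration.
func newFunc(args ...*Expr) (*Expr, error) {
	for _, a := range args[1:] {
		if a.Collation != args[0].Collation {
			return nil, errors.New("incompatible collations")
		}
	}
	return &Expr{Collation: args[0].Collation}, nil
}

// newFuncInternal drops the error, so a failed build yields a bare nil.
func newFuncInternal(args ...*Expr) *Expr { e, _ := newFunc(args...); return e }

// inferCollation dereferences its input, like a later planning step would.
func inferCollation(e *Expr) string { return e.Collation }

// substituteUnchecked is the "before" shape: the nil reaches inferCollation.
func substituteUnchecked(a, b *Expr) (coll string, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return inferCollation(newFuncInternal(a, b)), false
}

// substituteChecked is the "after" shape: the error is propagated instead.
func substituteChecked(a, b *Expr) (string, error) {
	e, err := newFunc(a, b)
	if err != nil {
		return "", fmt.Errorf("substitute: %w", err)
	}
	return inferCollation(e), nil
}

func main() {
	a, b := &Expr{Collation: "utf8mb4_bin"}, &Expr{Collation: "latin1_bin"} // constructed input
	_, panicked := substituteUnchecked(a, b)
	_, err := substituteChecked(a, b)
	fmt.Println("unchecked panicked:", panicked, "| checked error:", err)
}
```

The `recover` in `substituteUnchecked` exists only so the model can report the panic; in a server without such a guard on the affected path, the same dereference terminates the process.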

WAF Protection Rules

WAF Rule

A nil pointer dereference in PingCAP TiDB v*.*.*-alpha-***-******** allows attackers to crash the application via expression.inferCollation.
