CVE-2024-41433

Name of the Vulnerable Software and Affected Versions PingCAP TiDB version 8.1.0

Description The issue is related to a buffer overflow in the expression.ExplainExpressionList component, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted input. However, PingCAP argues that this is a complex query bug and not a DoS vulnerability, as the actual reproduction of this issue did not cause the security impact of service interruption to other users.

Recommendations For PingCAP TiDB version 8.1.0, as a temporary workaround, consider disabling the expression.ExplainExpressionList component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.