{"id":"GHSA-9g6g-xqv5-8g5w","summary":"PingCAP TiDB nil pointer dereference","details":"A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.","aliases":["CVE-2024-37820","GO-2024-3284"],"modified":"2024-11-27T21:55:55Z","published":"2024-06-25T21:31:15Z","database_specific":{"cwe_ids":["CWE-476"],"github_reviewed":true,"github_reviewed_at":"2024-11-21T23:19:51Z","nvd_published_at":"2024-06-25T19:15:11Z","severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37820"},{"type":"WEB","url":"https://github.com/pingcap/tidb/issues/53580"},{"type":"WEB","url":"https://github.com/pingcap/tidb/commit/3d68bd21240c610c6307713e2bd54a5e71c32608"},{"type":"WEB","url":"https://gist.github.com/ycybfhb/a9c1e14ce281f2f553adca84d384b761"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9g6g-xqv5-8g5w"},{"type":"PACKAGE","url":"https://github.com/pingcap/tidb"}],"affected":[{"package":{"name":"github.com/pingcap/tidb","ecosystem":"Go","purl":"pkg:golang/github.com/pingcap/tidb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.2.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-9g6g-xqv5-8g5w/GHSA-9g6g-xqv5-8g5w.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"}]}