CVE-2024-35618

7.5 HIGH

📋 TL;DR

This vulnerability in PingCAP TiDB v7.5.1 involves a NULL pointer dereference in the SortedRowContainer component, which can cause the database service to crash or potentially allow denial of service. It affects organizations running vulnerable TiDB versions in production environments. The issue stems from improper handling of NULL pointers during sorted row operations.

💻 Affected Systems

Products:
  • PingCAP TiDB
Versions: v7.5.1
Operating Systems: All platforms running TiDB
Default Config Vulnerable: ⚠️ Yes
Notes: Only TiDB v7.5.1 is confirmed affected. Earlier versions may be vulnerable if similar code exists.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database service crash leading to extended downtime and data unavailability for applications relying on TiDB.

🟠 Likely Case

Service instability with intermittent crashes affecting database performance and availability.

🟢 If Mitigated

Minimal impact if proper monitoring and redundancy are in place, with quick service restoration.

🌐 Internet-Facing: MEDIUM - While the vulnerability could be triggered remotely, it requires specific conditions and database operations to exploit.
🏢 Internal Only: MEDIUM - Internal applications or users with database access could trigger the vulnerability through normal operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database access and specific operations that trigger the SortedRowContainer functionality. Public GitHub issues demonstrate the crash scenario.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v7.5.2 or later

Vendor Advisory: https://github.com/pingcap/tidb/issues/52768

Restart Required: Yes

Instructions:

1. Back up your TiDB cluster data.
2. Upgrade TiDB to v7.5.2 or later using your deployment method (TiUP, TiDB Operator, or manual).
3. Restart TiDB services to apply the update.
4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Limit SortedRowContainer Usage (platform: all)

Avoid operations that heavily utilize SortedRowContainer functionality until patched.

Implement Rate Limiting (platform: all)

Configure database connection and query rate limits to reduce the likelihood of triggering the vulnerability.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute database operations
  • Deploy additional monitoring for TiDB process crashes and implement automated restart procedures

🔍 How to Verify

Check if Vulnerable:

Check TiDB version: Connect to TiDB and run 'SELECT VERSION();'. TiDB returns a MySQL-compatible version string that embeds its own release, for example '8.0.11-TiDB-v7.5.1'; if the embedded TiDB release is 7.5.1, the system is vulnerable.

Check Version:

SELECT VERSION();

Verify Fix Applied:

After upgrading, run 'SELECT VERSION();' again to confirm version is 7.5.2 or later. Monitor TiDB logs for stability.

📡 Detection & Monitoring

Log Indicators:

  • TiDB process crashes with NULL pointer dereference errors (TiDB is written in Go, so the runtime reports these as "invalid memory address or nil pointer dereference")
  • Stack traces mentioning SortedRowContainer in error logs
  • Unexpected TiDB service restarts

Network Indicators:

  • Increased database connection failures
  • Application errors related to database connectivity

SIEM Query:

source="tidb.logs" AND ("NULL pointer" OR "SortedRowContainer" OR "panic")
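The version check from "How to Verify" and the log indicators above, combined into one added Python example that is not part of this advisory. It assumes TiDB's VERSION() format ("<mysql-version>-TiDB-v<major>.<minor>.<patch>"); the sample log lines are constructed, not captured TiDB output.

```python
import re

# Assumed format: SELECT VERSION() returns a MySQL-compatible prefix followed
# by "-TiDB-v<major>.<minor>.<patch>", e.g. "8.0.11-TiDB-v7.5.1".
TIDB_VERSION_RE = re.compile(r"TiDB-v(\d+)\.(\d+)\.(\d+)")
AFFECTED_VERSION = (7, 5, 1)   # only release the advisory confirms affected
FIXED_VERSION = (7, 5, 2)      # first release the advisory lists as fixed


def parse_tidb_version(version_string):
    """Return (major, minor, patch) from a VERSION() result, or None."""
    m = TIDB_VERSION_RE.search(version_string)
    return tuple(int(g) for g in m.groups()) if m else None


def classify_version(version_string):
    """'vulnerable' for the confirmed-affected build, 'fixed' at or beyond the
    patch release, otherwise 'unknown' (the advisory does not settle older
    builds, so they are deliberately not reported as fixed)."""
    v = parse_tidb_version(version_string)
    if v is None:
        return "unknown"
    if v == AFFECTED_VERSION:
        return "vulnerable"
    if v >= FIXED_VERSION:
        return "fixed"
    return "unknown"


# Indicators listed in the advisory. Go's runtime phrases a NULL dereference
# as "nil pointer dereference", so that spelling is matched as well.
INDICATOR_RE = re.compile(
    r"nil pointer dereference|NULL pointer|SortedRowContainer|panic", re.IGNORECASE
)


def find_indicators(log_lines):
    """Return (line_number, line) for every log line matching an indicator."""
    return [(n, line) for n, line in enumerate(log_lines, start=1)
            if INDICATOR_RE.search(line)]


# Constructed sample log lines, not real TiDB output.
SAMPLE_LOG = [
    '[INFO] [server.go] ["new connection"] [conn=42]',
    "panic: runtime error: invalid memory address or nil pointer dereference",
    "goroutine 17 [running]: ...SortedRowContainer.Add(...)  # constructed frame",
    '[INFO] [server.go] ["connection closed"] [conn=42]',
]

if __name__ == "__main__":
    print(classify_version("8.0.11-TiDB-v7.5.1"))
    for n, line in find_indicators(SAMPLE_LOG):
        print(n, line)
```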
