VYPR
Medium severity · 5.4 · NVD Advisory · Published Jun 25, 2024 · Updated Apr 15, 2026

CVE-2024-37820

Description

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/pingcap/tidb (Go)
Affected versions: < 8.2.0
Patched versions: 8.2.0

Patches

3d68bd21240c

expression: fail `ColumnSubstituteImpl` if creating function returns error (#53716)

https://github.com/pingcap/tidb · YangKeao · Jun 3, 2024 · via ghsa
3 files changed · +20 -1
  • pkg/expression/util.go · +5 -1 · modified
    @@ -519,7 +519,11 @@ func ColumnSubstituteImpl(ctx BuildContext, expr Expression, schema *Schema, new
     			}
     		}
     		if substituted {
    -			return true, hasFail, NewFunctionInternal(ctx, v.FuncName.L, v.RetType, refExprArr.Result()...)
    +			newFunc, err := NewFunction(ctx, v.FuncName.L, v.RetType, refExprArr.Result()...)
    +			if err != nil {
    +				return true, true, v
    +			}
    +			return true, hasFail, newFunc
     		}
     	}
     	return false, false, expr
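Review bot: the `if err != nil` branch swallows the error from `NewFunction` and returns `true, true, v`, so the caller learns only that substitution failed, not why. Setting `hasFail` here is the right fix (the replaced `NewFunctionInternal` call had no error return, which is consistent with the nil dereference in `expression.inferCollation` that the advisory describes), but consider logging the error at debug level before returning, and update the doc comment on `ColumnSubstituteImpl` to state that the second return value is also set when the substituted function cannot be built, since every caller that inspects `hasFail` now depends on that contract.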
    
  • tests/integrationtest/r/planner/core/integration.result · +7 -0 · modified
    @@ -4305,3 +4305,10 @@ id
     2
     drop table sys.t;
     set tidb_isolation_read_engines=DEFAULT;
    +drop table if exists t;
    +create table t (col TEXT);
    +select 1 from (select t.col as c0, 46578369 as c1 from t) as t where
    +case when (
    +t.c0 in (t.c0, cast((cast(1 as unsigned) - cast(t.c1 as signed)) as char))
    +) then 1 else 2 end;
    +1
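Review bot: the expected output for the new regression query is just the column header `1` with no rows, because `t` is created and never populated. That is enough to prove the planner no longer crashes while substituting `t.c0` inside the `case when (... in (...))` expression, but the `cast(... as char)` path never sees real data. Consider adding an `insert into t values (...)` before the `select` so a row flows through the expression as well, and regenerate this result file to match.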
    
  • tests/integrationtest/t/planner/core/integration.test · +8 -0 · modified
    @@ -2369,3 +2369,11 @@ set tidb_isolation_read_engines='tiflash';
     select * from sys.t;
     drop table sys.t;
     set tidb_isolation_read_engines=DEFAULT;
    +
    +# TestIssue53580
    +drop table if exists t;
    +create table t (col TEXT);
    +select 1 from (select t.col as c0, 46578369 as c1 from t) as t where
    +  case when (
    +    t.c0 in (t.c0, cast((cast(1 as unsigned) - cast(t.c1 as signed)) as char))
    +  ) then 1 else 2 end;
    \ No newline at end of file
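Review bot: the appended block leaves integration.test without a trailing newline (`\ No newline at end of file`); add one so the next test appended to this file is not glued onto the `end;` line. The `# TestIssue53580` comment is a useful anchor, but consider also naming `ColumnSubstituteImpl` or CVE-2024-37820 in it so the regression's purpose is clear to a reader who does not have the issue tracker at hand.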
    

