Skip to main content

Use of Externally-Controlled Format String

CVE-2022-3023

Severity High
Score 9.8/10

Summary

Use of Externally-Controlled Format String in pingcap/tidb prior to 6.1.3 and 6.2.x prior to 6.4.0.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Advisory Timeline

  • Published