Vulnerability Issues in TiDB 5.3.3

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: TiDB5.3.3漏洞问题

| username: Jackie492391142

The security department conducted a vulnerability scan and reported the following issues. How can they be resolved?
Oracle MySQL Client Security Vulnerability (CVE-2020-2573)
Oracle MySQL cURL Component Input Validation Error Vulnerability (CVE-2022-27778)
Oracle MySQL cURL Component Input Validation Error Vulnerability (CVE-2022-32221)
Oracle MySQL Server InnoDB Security Vulnerability (CVE-2020-14775)
Oracle MySQL Server Server Optimizer Security Vulnerability (CVE-2020-14760)
Oracle MySQL Server Server: Optimizer Security Vulnerability (CVE-2020-14769)
Oracle MySQL Server Server: Security: LDAP Auth Security Vulnerability (CVE-2020-14827)
Oracle MySQL Server Server: Stored Procedure Security Vulnerability (CVE-2020-14672)
Oracle MySQL Server Server: Optimizer Security Vulnerability (CVE-2020-14793)
Oracle MySQL Server Security Vulnerability (CVE-2019-2914)
Oracle MySQL Server Security Vulnerability (CVE-2019-2946)
Oracle MySQL Server Security Vulnerability (CVE-2019-2948)
Oracle MySQL Server Security Vulnerability (CVE-2019-2960)
Oracle MySQL Server Security Vulnerability (CVE-2019-2993)
Oracle MySQL Server Security Vulnerability (CVE-2019-5443)
Oracle MySQL Server Security Vulnerability (CVE-2020-14539)
Oracle MySQL Server Security Vulnerability (CVE-2020-14540)
Oracle MySQL Server Security Vulnerability (CVE-2020-14547)
Oracle MySQL Server Security Vulnerability (CVE-2020-14553)
Oracle MySQL Server Security Vulnerability (CVE-2020-14559)
Oracle MySQL Server Security Vulnerability (CVE-2020-14567)
Oracle MySQL Server Security Vulnerability (CVE-2020-14576)
Oracle MySQL Server Security Vulnerability (CVE-2020-14790)
Oracle MySQL Server Security Vulnerability (CVE-2020-14869)
Oracle MySQL Server Security Vulnerability (CVE-2020-1967)
Oracle MySQL Server Security Vulnerability (CVE-2020-2577)
Oracle MySQL Server Security Vulnerability (CVE-2020-2579)
Oracle MySQL Server Security Vulnerability (CVE-2020-2584)
Oracle MySQL Server Security Vulnerability (CVE-2020-2589)
Oracle MySQL Server Security Vulnerability (CVE-2020-2660)
Oracle MySQL Server Security Vulnerability (CVE-2020-2763)
Oracle MySQL Server Code Issue Vulnerability (CVE-2020-1971)
Oracle MySQL Server Buffer Overflow Vulnerability (CVE-2021-3711)
Oracle MySQL Server Authorization Issue Vulnerability (CVE-2020-14867)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2146)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-21622)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2169)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2171)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2178)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2179)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2202)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2226)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22922)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22923)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22925)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22926)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22945)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22946)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-22947)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2307)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2356)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2372)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2385)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-2390)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2021-35624)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21245)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21270)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21303)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21304)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21344)
Oracle MySQL Server Input Validation Error Vulnerability (CVE-2022-21367)
Oracle MySQL Server Information Disclosure Vulnerability (CVE-2019-2922)
Oracle MySQL Server Information Disclosure Vulnerability (CVE-2019-2923)
Oracle MySQL Server Information Disclosure Vulnerability (CVE-2019-2924)
Oracle MySQL Server Information Disclosure Vulnerability (CVE-2019-2969)
Oracle MySQL Server Information Disclosure Vulnerability (CVE-2021-22946)
Oracle MySQL Server Remote Security Vulnerability (CVE-2021-3449)
Oracle MySQL Server/MariaDB InnoDB Security Vulnerability (CVE-2020-14776)
Oracle MySQL Server/MariaDB InnoDB Component Security Vulnerability (CVE-2020-2760)
Oracle MySQL Server/MariaDB Server: FTS Component Denial of Service Vulnerability (CVE-2020-14765)
Oracle MySQL Server/MariaDB Server: Locking Security Vulnerability (CVE-2020-14812)
Oracle MySQL Server/MariaDB Server: Stored Procedure Component Security Vulnerability (CVE-2020-2812)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2019-2614)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2019-2627)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2019-2628)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2019-2974)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2020-14550)
Oracle MySQL Server/MariaDB Security Vulnerability (CVE-2020-2574)
Oracle MySQL Server/MariaDB Denial of Service Vulnerability (CVE-2020-14789)
Oracle MySQL Server/MariaDB Input Validation Error Vulnerability (CVE-2019-2938)
Oracle MySQL Server/MariaDB Component Security Vulnerability (CVE-2020-2780)
Oracle MySQL Server/MariaDB Component Security Vulnerability (CVE-2020-2814)
Oracle MySQL Server/MariaDB Component Access Control Error Vulnerability (CVE-2019-2737)
Oracle MySQL Server/MariaDB Component Access Control Error Vulnerability (CVE-2019-2739)
Oracle MySQL Server/MariaDB Component Access Control Error Vulnerability (CVE-2019-2740)
Oracle MySQL Server/MariaDB Component Access Control Error Vulnerability (CVE-2019-2758)
Oracle MySQL Server/MariaDB Component Access Control Error Vulnerability (CVE-2019-2805)
Oracle MySQL Server/MariaDB Component Security Vulnerability (CVE-2020-2752)
Oracle MySQL Server Security Vulnerability (CVE-2019-1559)
Oracle MySQL Server Security Vulnerability (CVE-2019-17543)
Oracle MySQL Server Security Vulnerability (CVE-2019-2566)
Oracle MySQL Server Security Vulnerability (CVE-2019-2581)
Oracle MySQL Server Security Vulnerability (CVE-2019-2592)
Oracle MySQL Server Security Vulnerability (CVE-2019-2632)
Oracle MySQL Server Security Vulnerability (CVE-2019-2683)
Oracle MySQL Server Security Vulnerability (CVE-2021-22901)
Oracle MySQL Server Component Security Vulnerability (CVE-2019-1547)
Oracle MySQL Server Component Security Vulnerability (CVE-2019-5482)
Oracle MySQL Server Component Security Vulnerability (CVE-2020-2765)
Oracle MySQL Server Component Security Vulnerability (CVE-2020-2790)
Oracle MySQL Server Component Security Vulnerability (CVE-2020-2804)
Oracle MySQL Server Component Security Vulnerability (CVE-2020-2806)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2741)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2755)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2757)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2774)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2778)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2797)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-2819)
Oracle MySQL Server Component Access Control Error Vulnerability (CVE-2019-3822)
Oracle MySQL Security Vulnerability (CVE-2020-2570)
Oracle MySQL Security Vulnerability (CVE-2021-2001)
Oracle MySQL Security Vulnerability (CVE-2021-2010)
Oracle MySQL Security Vulnerability (CVE-2021-2014)
Oracle MySQL Security Vulnerability (CVE-2021-2060)
Oracle MySQL Security Vulnerability (CVE-2022-21589)
Oracle MySQL Security Vulnerability (CVE-2022-21592)
Oracle MySQL Security Vulnerability (CVE-2022-21595)
Oracle MySQL Security Vulnerability (CVE-2022-21608)
Oracle MySQL Security Vulnerability (CVE-2022-21617)
Oracle MySQL Security Vulnerability (CVE-2023-21840)
Oracle MySQL Input Validation Error Vulnerability (CVE-2021-2160)
Oracle MySQL Input Validation Error Vulnerability (CVE-2021-2342)
Oracle MySQL Input Validation Error Vulnerability (CVE-2021-23841)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21417)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21427)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21444)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21451)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21454)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21460)
Oracle MySQL Input Validation Error Vulnerability (CVE-2022-21515)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2144)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2154)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2166)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2174)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2180)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2194)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-2389)
Oracle MySQL/MariaDB Server Input Validation Error Vulnerability (CVE-2021-35604)
Oracle MySQL/MariaDB Security Vulnerability (CVE-2021-2022)
Oracle MySQL/MariaDB Access Control Error Vulnerability (CVE-2021-2032)
Oracle MySQL/MariaDB Denial of Service Vulnerability (CVE-2021-2011)

| username: WalterWj | Original post link

You can change the MySQL version string that the TiDB server reports: 如何修改 TiDB 版本号消除扫描器误报 (How to change the TiDB version number to eliminate scanner false positives) - TiDB Q&A community

| username: caiyfc | Original post link

The principle of the scanner is to match based on version information. For example, if it detects a certain version of MySQL, the scanner will display all the CVE vulnerabilities that exist for that version from the database. TiDB only uses the MySQL protocol, but its underlying structure is completely different, so changing the version number in TiDB will suffice.
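
To make the point in the reply above concrete, here is an added example (written for this page, not code from the thread or from the TiDB project) that does what such a scanner does: read the initial MySQL-protocol handshake packet, pull out the `server_version` string, and split off the MySQL-looking prefix the CVE lookup is keyed on. The handshake bytes in the block are constructed for the example; the banner `5.7.25-TiDB-v5.3.3` follows TiDB's documented default format `5.7.<minor>-TiDB-<tidb version>`. Port 4000 is assumed as TiDB's default SQL port for the optional live check.

```python
"""What a banner-based vulnerability scanner sees when it touches TiDB.

The scanner never runs SQL. It opens a TCP connection, reads the initial
handshake packet that a MySQL-protocol server sends before the client
says anything, and matches CVEs on the server_version string inside it.
This module parses that packet (protocol version 10), optionally fetches
it from a live host, and isolates the prefix the scanner keys on.

All packets built here are constructed for the example.
"""
import socket
import struct
import sys


def build_handshake(server_version: str, connection_id: int = 7, seq: int = 0) -> bytes:
    """Build a constructed protocol-v10 handshake packet carrying server_version.

    Fields other than the version string are placeholders; only the
    layout matters for the parser.
    """
    payload = (
        bytes([10])                                  # protocol version 10
        + server_version.encode("ascii") + b"\x00"   # NUL-terminated version string
        + struct.pack("<I", connection_id)           # connection id
        + b"saltsalt"                                # auth-plugin-data-part-1 (8 bytes)
        + b"\x00"                                    # filler
        + struct.pack("<H", 0xF7FF)                  # capability flags (lower 16 bits)
        + bytes([0x21])                              # character set (utf8_general_ci)
        + struct.pack("<H", 0x0002)                  # status flags (autocommit)
        + struct.pack("<H", 0x81FF)                  # capability flags (upper 16 bits)
        + bytes([21])                                # auth plugin data length
        + b"\x00" * 10                               # reserved
        + b"saltsaltsalt" + b"\x00"                  # auth-plugin-data-part-2 (13 bytes)
        + b"mysql_native_password\x00"               # auth plugin name
    )
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def parse_handshake(packet: bytes) -> dict:
    """Parse a MySQL packet header plus a protocol-v10 handshake payload."""
    if len(packet) < 4:
        raise ValueError("packet too short for a MySQL packet header")
    payload_len = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + payload_len]
    if len(payload) != payload_len:
        raise ValueError("truncated packet payload")
    if payload[0] == 0xFF:
        # An ERR packet instead of a handshake, e.g. the host is not allowed
        # to connect; before capability negotiation there is no SQL-state marker.
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:].decode("utf-8", errors="replace")
        raise ConnectionError(f"server refused connection, error {code}: {msg}")
    if payload[0] != 10:
        raise ValueError(f"unsupported handshake protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii", errors="replace")
    pos = end + 1
    connection_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                                 # connection id, salt part 1, filler
    cap_lower = struct.unpack_from("<H", payload, pos)[0]
    return {
        "sequence_id": packet[3],
        "server_version": version,
        "connection_id": connection_id,
        "capabilities_lower": cap_lower,
    }


def scanner_view(server_version: str) -> dict:
    """Split the banner into the part a version-matching scanner keys on and the rest.

    "5.7.25-TiDB-v5.3.3" -> mysql_version "5.7.25": the scanner reports every
    MySQL 5.7.25 CVE in its database although the suffix says this is TiDB.
    """
    mysql_part, _, suffix = server_version.partition("-")
    return {"mysql_version": mysql_part, "suffix": suffix, "is_tidb": "TiDB" in suffix}


def _read_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-packet")
        buf += chunk
    return bytes(buf)


def fetch_handshake(host: str, port: int = 4000, timeout: float = 3.0) -> bytes:
    """Read the first packet a MySQL-protocol server sends on connect (TiDB default port 4000)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        header = _read_exact(sock, 4)
        return header + _read_exact(sock, int.from_bytes(header[:3], "little"))


if __name__ == "__main__":
    if len(sys.argv) > 1:        # live check: python banner.py <host> [port]
        pkt = fetch_handshake(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 4000)
    else:                        # offline demo on a constructed packet
        pkt = build_handshake("5.7.25-TiDB-v5.3.3")
    info = parse_handshake(pkt)
    print("banner:", info["server_version"])
    print("scanner keys on:", scanner_view(info["server_version"]))
```

Run it against a real TiDB instance before and after the change to confirm what the scanner will match on. The string it prints is the one TiDB's `server-version` configuration item replaces, both in the handshake packet and in the output of `VERSION()`. Changing the banner only stops version-matching; it does not change the server, so issues in TiDB itself still have to be tracked through TiDB's own release notes rather than Oracle's MySQL CVEs.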

| username: TiDBer_pkQ5q1l0 | Original post link

If you don't want to change the version, just add a firewall rule to block the scanner's requests. Our security team scans often and sends over a pile of remediation requests.

| username: Jackie492391142 | Original post link

After modifying the version number, retesting indeed did not reveal any issues.

| username: system | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.