GitHub_MCVE-2023-48298CVE-2023-48298
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
50.4%
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| clickhouse | clickhouse | * | cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:* |
| clickhouse | clickhouse_cloud | * | cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "ClickHouse",
"product": "ClickHouse",
"versions": [
{
"version": "<= 23.10.2.14",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
50.4%