Lucene search
JFROGCVELIST:CVE-2021-42388HistoryMar 14, 2022 - 12:00 a.m.
CVE-2021-42388
2022-03-1400:00:00
CWE-125
JFROG
www.cve.org
1
Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
CNA Affected
[
{
"vendor": "yandex",
"product": "clickhouse",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "21.10.2.15-stable",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-42388
2022-03-14 23:15:07
clickhouse - security update
2022-11-03 00:00:00
ubuntucve
ubuntucve
CVE-2021-42388
2022-03-14 00:00:00
debiancve
debiancve
CVE-2021-42388
2022-03-14 23:15:07
cve
cve
CVE-2021-42388
2022-03-14 23:15:07
nvd
nvd
CVE-2021-42388
2022-03-14 23:15:07
prion
prion
Heap overflow
2022-03-14 23:15:00
nessus
nessus
Debian DLA-3176-1 : clickhouse - LTS security update
2022-11-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3176-1)
2022-11-05 00:00:00
debian
debian
[SECURITY] [DLA 3176-1] clickhouse security update
2022-11-04 06:11:35
thn
thn
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
2022-03-16 07:53:00