Lucene search
JFROGCVELIST:CVE-2021-43305HistoryMar 14, 2022 - 12:00 a.m.
CVE-2021-43305
2022-03-1400:00:00
CWE-122
JFROG
www.cve.org
Heap buffer overflow in Clickhouseβs LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), donβt exceed the destination bufferβs limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
CNA Affected
[
{
"vendor": "yandex",
"product": "clickhouse",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "21.10.2.15-stable",
"versionType": "custom"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2021-43305
2022-03-14 00:00:00
CVE-2021-43304
2022-03-14 00:00:00
osv
osv
CVE-2021-43305
2022-03-14 23:15:00
clickhouse - security update
2022-11-03 00:00:00
CVE-2021-43304
2022-03-14 23:15:08
cve
cve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
nvd
nvd
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
debiancve
debiancve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
prion
prion
Heap overflow
2022-03-14 23:15:00
Heap overflow
2022-03-14 23:15:00
openvas
openvas
Debian: Security Advisory (DLA-3176-1)
2022-11-05 00:00:00
nessus
nessus
Debian DLA-3176-1 : clickhouse - LTS security update
2022-11-09 00:00:00
debian
debian
[SECURITY] [DLA 3176-1] clickhouse security update
2022-11-04 06:11:35
cvelist
cvelist
CVE-2021-43304
2022-03-14 00:00:00
clickhouse
clickhouse
Fixed in ClickHouse 21.10.2.15, 2021-10-18Β
2021-10-18 00:00:00
thn
thn
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
2022-03-16 07:53:00