Lucene search
GoogleOSV:CVE-2021-43305HistoryMar 14, 2022 - 11:15 p.m.
CVE-2021-43305
2022-03-1423:15:00
Google
osv.dev
3
Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Related
ubuntucve
ubuntucve
CVE-2021-43305
2022-03-14 00:00:00
CVE-2021-43304
2022-03-14 00:00:00
cvelist
cvelist
CVE-2021-43305
2022-03-14 00:00:00
CVE-2021-43304
2022-03-14 00:00:00
nvd
nvd
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
cve
cve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
debiancve
debiancve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
prion
prion
Heap overflow
2022-03-14 23:15:00
Heap overflow
2022-03-14 23:15:00
osv
osv
clickhouse - security update
2022-11-03 00:00:00
CVE-2021-43304
2022-03-14 23:15:08
nessus
nessus
Debian DLA-3176-1 : clickhouse - LTS security update
2022-11-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3176-1)
2022-11-05 00:00:00
debian
debian
[SECURITY] [DLA 3176-1] clickhouse security update
2022-11-04 06:11:35
clickhouse
clickhouse
Fixed in ClickHouse 21.10.2.15, 2021-10-18
2021-10-18 00:00:00
thn
thn
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
2022-03-16 07:53:00