Lucene search
PRIOn knowledge basePRION:CVE-2021-43305HistoryMar 14, 2022 - 11:15 p.m.
Heap overflow
2022-03-1423:15:00
PRIOn knowledge base
www.prio-n.com
1
Heap buffer overflow in Clickhouseβs LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), donβt exceed the destination bufferβs limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| clickhouse | lt | 21.10.2.15 |
Related
ubuntucve
ubuntucve
CVE-2021-43305
2022-03-14 00:00:00
CVE-2021-43304
2022-03-14 00:00:00
osv
osv
CVE-2021-43305
2022-03-14 23:15:00
clickhouse - security update
2022-11-03 00:00:00
CVE-2021-43304
2022-03-14 23:15:08
cvelist
cvelist
CVE-2021-43305
2022-03-14 00:00:00
CVE-2021-43304
2022-03-14 00:00:00
cve
cve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
nvd
nvd
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
debiancve
debiancve
CVE-2021-43305
2022-03-14 23:15:08
CVE-2021-43304
2022-03-14 23:15:08
nessus
nessus
Debian DLA-3176-1 : clickhouse - LTS security update
2022-11-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3176-1)
2022-11-05 00:00:00
debian
debian
[SECURITY] [DLA 3176-1] clickhouse security update
2022-11-04 06:11:35
clickhouse
clickhouse
Fixed in ClickHouse 21.10.2.15, 2021-10-18Β
2021-10-18 00:00:00
prion
prion
Heap overflow
2022-03-14 23:15:00
thn
thn
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
2022-03-16 07:53:00