An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
CPE | Name | Operator | Version |
---|---|---|---|
clickhouse | ge | 22.9 | |
clickhouse | lt | 22.9.1.2603 | |
clickhouse | ge | 22.8 | |
clickhouse | lt | 22.8.2.11 | |
clickhouse | ge | 22.7 | |
clickhouse | lt | 22.7.4.16 | |
clickhouse | ge | 22.6 | |
clickhouse | lt | 22.6.6.16 | |
clickhouse | lt | 22.3.12.19 |