Lucene search
K

53 matches found

osv
osv
added 2023/11/23 12:0 a.m.6 views

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5CVSS7AI score0.00705EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/11/23 12:0 a.m.5 views

ClickHouse Security Breach

ClickHouse is ClickHouse's fastest and most resource-efficient open source database for real-time applications and analytics. A security vulnerability exists in versions prior to ClickHouse 22.9.1.2603. An attacker exploited the vulnerability to cause the server to crash...

6.5CVSS6.7AI score0.00705EPSS
Exploits0References1
osv
osv
added 2023/11/23 12:0 a.m.5 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5CVSS7.1AI score0.00968EPSS
Exploits0References3
osv
osv
added 2023/05/12 8:18 p.m.2 views

GHSA-G8PH-74M6-8M7R ClickHouse vulnerable to client certificate password exposure in client exception

Summary As initially reported in issue 1331, when client certificate authentication is enabled with password protection, the password referred to as the client option sslkey may be exposed in client exceptions e.g., ClickHouseException or SQLException. This vulnerability can potentially lead to...

4.8CVSS7AI score0.0067EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2021/10/18 12:0 a.m.4 views

PT-2021-23611 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: Clickhouse affected versions not specified Description: The issue is related to a divide-by-zero error in Clickhouse's Delta compression codec. This error occurs when parsing a malicious query, where the first byte of the compressed buffer is...

8.8CVSS6.9AI score0.01646EPSS
Exploits7References21
ptsecurity
ptsecurity
added 2021/10/18 12:0 a.m.3 views

PT-2021-23610 · Unknown +4 · Clickhouse +3

Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: A heap out-of-bounds read issue exists in ClickHouse's LZ4 compression codec when parsing a malicious query. The LZ4::decompressImpl loop reads a 16-bit unsigned user-supplied value offs...

8.8CVSS6.9AI score0.01646EPSS
Exploits7References37
ptsecurity
ptsecurity
added 2021/10/18 12:0 a.m.5 views

PT-2021-23612 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: Clickhouse affected versions not specified Description: The issue is related to a divide-by-zero error in Clickhouse's DeltaDouble compression codec. This occurs when parsing a malicious query, where the first byte of the compressed buffer is...

8.8CVSS6.9AI score0.01646EPSS
Exploits7References21
clickhouse
clickhouse
added 2021/10/18 12:0 a.m.14 views

CVE-2021-42389

Divide-by-zero in ClickHouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. JFrog Security Research Team...

6.5CVSS5.5AI score0.01239EPSS
Exploits1
ptsecurity
ptsecurity
added 2019/11/12 12:0 a.m.5 views

PT-2019-14693 · Yandex +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14 Description: The issue concerns an out-of-bounds OOB read, OOB write, and integer underflow in decompression algorithms. This can be exploited to achieve remote code execution RCE or cause a denial of servic...

9.8CVSS7AI score0.01695EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2019/11/12 12:0 a.m.5 views

PT-2019-13937 · Yandex +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14.3 Description: The issue allows an attacker with write access to ZooKeeper and the ability to run a custom server on the network where ClickHouse runs to create a malicious server acting as a ClickHouse...

9.8CVSS6.5AI score0.01695EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2019/10/01 12:0 a.m.4 views

PT-2019-15559 · Alt Linux Team +2 · Alt Linux +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.13.5.44 ALT Linux affected versions not specified Description: The issue allows HTTP header injection via the url table function. There is also a mention of a vulnerability in the ALT Linux package, but details...

5.3CVSS5.2AI score0.01466EPSS
Exploits0References10
osv
osv
added 2019/08/15 6:15 p.m.15 views

CVE-2018-14671

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability...

9.8CVSS7.9AI score0.03422EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2019/08/15 12:0 a.m.4 views

PT-2019-9043 · Yandex · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 18.12.13 Description: The issue allows path traversal and reading of arbitrary files through error messages in functions for loading CatBoost models. Recommendations: For versions prior to 18.12.13, update to...

5.3CVSS5.3AI score0.01741EPSS
Exploits0References8
Rows per page
Query Builder