Lucene search

525 matches found

ClickHouse
added 2023/11/26 12:0 a.m. · 28 views

Fixed in ClickHouse v23.10.5.20, 2023-11-26

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate...

7.5 AI score
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/11/26 12:0 a.m. · 2 views

PT-2023-30321 · Unknown +1 · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 23.10.2.13-stable; ClickHouse versions prior to 23.9.4.11-stable; ClickHouse versions prior to 23.8.6.16-lts; ClickHouse versions prior to 23.3.16.7-lts

Description: A heap buffer overflow issue was discovered in the...

9.8 CVSS · 8.8 AI score · 0.00462 EPSS
Exploits 0 · References 15
Positive Technologies
added 2023/11/26 12:0 a.m. · 3 views

PT-2023-30912 · Unknown +1 · Gorilla Codec +2

Name of the Vulnerable Software and Affected Versions: ClickHouse versions 23.3.18.15, 23.8.8.20, 23.9.6.20, 23.10.5.20; ClickHouse Cloud version 23.9.2.47551

Description: A heap buffer overflow issue was discovered in the ClickHouse server, allowing an attacker to send a specially crafted payload...

7.5 CVSS · 7.7 AI score · 0.00495 EPSS
Exploits 0 · References 13
Positive Technologies
added 2023/11/26 12:0 a.m. · 2 views

PT-2023-30765 · Unknown +1 · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified

Description: The issue is an integer underflow resulting in a crash due to a stack buffer overflow in the decompression of the FPC codec. It can be triggered and exploited by an unauthenticated...

7.5 CVSS · 7.6 AI score · 0.00634 EPSS
Exploits 0 · References 13
ClickHouse
added 2023/11/26 12:0 a.m. · 10 views

CVE-2023-48704

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the Gorilla codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been push...

7.5 CVSS · 5.8 AI score · 0.00495 EPSS
Exploits 0
ClickHouse
added 2023/11/26 12:0 a.m. · 11 views

CVE-2023-48298

An integer underflow vulnerability in the FPC compression codec. An attacker can use it to cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been pushed to the following open-source versions: v23.10.4.25, v23.9.5.29,...

7.5 CVSS · 5.5 AI score · 0.00634 EPSS
Exploits 0
ClickHouse
added 2023/11/26 12:0 a.m. · 13 views

CVE-2023-47118

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...

9.8 CVSS · 5.8 AI score · 0.00462 EPSS
Exploits 0
ATTACKERKB
added 2023/11/23 4:15 p.m. · 2 views

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 6 AI score · 0.00705 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/11/23 4:15 p.m. · 2 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5 CVSS · 6 AI score · 0.00968 EPSS
Exploits 0 · References 2
OSV
added 2023/11/23 4:15 p.m. · 3 views

DEBIAN-CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5 CVSS · 7.7 AI score · 0.00968 EPSS
Exploits 0 · References 1
OSV
added 2023/11/23 4:15 p.m. · 5 views

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 7 AI score
Exploits 0 · References 1
NVD
added 2023/11/23 4:15 p.m. · 8 views

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 0.00705 EPSS
Exploits 0 · References 1
NVD
added 2023/11/23 4:15 p.m. · 15 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5 CVSS · 0.00968 EPSS
Exploits 0 · References 1
OSV
added 2023/11/23 4:15 p.m. · 2 views

DEBIAN-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 7.3 AI score · 0.00705 EPSS
Exploits 0 · References 1
OSV
added 2023/11/23 4:15 p.m. · 3 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
UbuntuCve
added 2023/11/23 4:15 p.m. · 13 views

CVE-2022-44010

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

7.5 CVSS · 7.3 AI score · 0.00968 EPSS
Exploits 0 · References 3
Prion
added 2023/11/23 4:15 p.m. · 8 views

Heap overflow

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...

5 CVSS · 7.5 AI score · 0.00968 EPSS
Exploits 0 · References 1 · Affected Software 1
UbuntuCve
added 2023/11/23 4:15 p.m. · 18 views

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 6.8 AI score · 0.00705 EPSS
Exploits 0 · References 3
Prion
added 2023/11/23 4:15 p.m. · 23 views

Heap overflow

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

4 CVSS · 7.3 AI score · 0.00705 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/11/23 4:15 p.m. · 0 views

UBUNTU-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

6.5 CVSS · 6 AI score · 0.00705 EPSS
Exploits 0 · References 4