525 matches found
Debian dla-3176 : clickhouse-client - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. Debian LTS Advisory DLA-3176-1 [email protected]...
Debian: Security Advisory (DLA-3176-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3176-1] clickhouse security update
Debian LTS Advisory DLA-3176-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 03, 2022 https://wiki.debian.org/LTS Package : clickhouse Version : 18.16.1+ds-4+deb10u1 CVE ID : CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305 Debian Bug : 1008216...
DLA-3176-1 clickhouse - security update
Bulletin has no description...
CVE-2022-39267
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...
CVE-2022-39267
CVE-2022-39267 affects Bifrost, a middleware that synchronizes MySQL/MariaDB to Redis, MongoDB, ClickHouse, and other services. The vulnerability occurs in versions prior to 1.8.8-release, where an attacker can bypass authentication in the admin and monitor user groups by removing the X-Requested...
Fixed in ClickHouse 22.9.1.2603, 2022-09-22
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object...
PT-2022-27074 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 22.9.1.2603 ClickHouse versions prior to 22.8.2.11 ClickHouse versions prior to 22.7.4.16 ClickHouse versions prior to 22.6.6.16 ClickHouse versions prior to 22.3.12.19 Description: An issue was discovered in...
PT-2022-27073 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 22.9.1.2603 ClickHouse versions prior to 22.8.2.11 ClickHouse versions prior to 22.7.4.16 ClickHouse versions prior to 22.6.6.16 ClickHouse versions prior to 22.3.12.19 Description: A heap-based buffer overflow...
CVE-2022-44010
A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted HTTP request to the HTTP Endpoint listening on port 8123 by default, causing a heap-based buffer overflow that crashes the ClickHouse server process. This attack does not require...
CVE-2022-44011
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object. Fix has been pushed to version 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19...
abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +4 more potentially affected by CVE-2022-40604 via apache-airflow (>=2.3.2 <=2.4.0)
apache-airflow PYPI version =2.3.2, =0.1.0, =0.1.0, =0.10.0.1 Source cves: CVE-2022-40604 Source advisory: OSV:PYSEC-2022-279...
Malicious code in plywood-clickhouse-requester (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d749af061ec8b1d350c3b326fe3b7a722430d03538a5196d7c59bcaa919f8ccc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5377 Malicious code in plywood-clickhouse-requester (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d749af061ec8b1d350c3b326fe3b7a722430d03538a5196d7c59bcaa919f8ccc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the ClickHouse database management system allows a hacker to gain access to confidential data.
The vulnerability of the ClickHouse database management system is related to the exposure of information. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
The vulnerability of the LZ4 compression codec in the ClickHouse database management system allows a hacker to execute arbitrary code.
The vulnerability of the LZ4 compression codec used by the ClickHouse database management system in OLAP queries is related to the possibility of buffer overflows in the queue. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...
DEBIAN-CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits...
CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits...