3663 matches found
CVE-2021-42390
ClickHouse DeltaDouble compression codec vulnerability (CVE-2021-42390) arises from a divide-by-zero when the first byte of a compressed buffer is used in a modulo operation without zero-checking. It is exploited during parsing a malicious query, potentially causing a denial-of-service. The issue...
CVE-2021-42390
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...
CVE-2021-42389
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...
CVE-2021-42389
CVE-2021-42389 affects ClickHouse’s Delta compression codec. The vulnerability is a divide-by-zero: during parsing a malicious query, the first byte of the compressed buffer is used in a modulo operation without checking for 0. The issue is tied to the Delta codec, as described in multiple source...
CVE-2021-42389
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-43305
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...
CVE-2021-43304
CVE-2021-43304 describes a heap-buffer overflow in ClickHouse’s LZ4 compression codec when parsing a malicious query. The root cause is the LZ4::decompressImpl loop, where the arbitrary copy operation wildCopy(op, ip, copy_end) can exceed the destination buffer’s bounds. This vulnerability is lin...
CVE-2021-43305
Summary : CVEs 2021-43304 and 2021-43305 describe heap/ buffer issues in ClickHouse’s LZ4 compression codec during parsing of crafted queries, due to unsafe copy bounds in LZ4::decompressImpl and the wildCopy function. The connected documents confirm a related set of advisories and mitigations ac...
Yandex ClickHouse 缓冲区错误漏洞
Yandex ClickHouse is a set of open source columnar databases for online analytical processing from the Russian company Yandex. Yandex ClickHouse suffers from a buffer error vulnerability that stems from a heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query...
CVE-2021-42387
CVE-2021-42387 affects ClickHouse. It describes a heap out-of-bounds read in the LZ4 compression codec during parsing a malicious query: a 16-bit unsigned offset read in LZ4::decompressImpl() is used to determine the copy length without checking the upper bounds of the source, potentially causing...
CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...
CVE-2021-42388
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42388
CVE-2021-42388 affects ClickHouse’s LZ4 compression codec. In LZ4::decompressImpl(), a 16-bit unsigned offset is read from the compressed data and later used to determine a copy length without lower-bound source checks, causing a heap out-of-bounds read. This could enable crashes or memory-access...
CVE-2021-43305
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...
CVE-2021-42388
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...
Chaya - Advance Image Steganography
Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression...
CVE-2021-43086
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encodeise in function compresssymbolicblockforpartition2planes in "/Source/astcenccompresssymbolic.cpp"...