OPENSUSE-SU-2026:10588-1 capnproto-1.4.0-2.1 on GA media

These are all security issues fixed in the capnproto-1.4.0-2.1 package on the GA media of openSUSE Tumbleweed...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the KJ-HTTP process. An attacker can cause the system to interpret a negative Content-Length value as an extremely large unsigned value by sending specially crafted HTTP requests or responses, potentially...

capnproto 环境问题漏洞

Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the conversion of negative Content-Length values into unsigned numbers, which could...

capnproto 环境问题漏洞

Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the use of chunked transmission encoding, where the block size parsing values were...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: clickhouse (UTSA-2026-005307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005307 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: clickhouse (UTSA-2026-005267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005267 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

EUVD-2022-46974

Malicious code in bioql PyPI...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

Fedora 38 : capnproto / fastnetmon / librime / rr / sonic-visualiser (2022-ef11bad952)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-ef11bad952 advisory. Update capnproto to version 0.10.3 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAM...

Fedora 37 : capnproto / fastnetmon / librime / rr / sonic-visualiser (2022-18023b665f)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-18023b665f advisory. Update capnproto to version 0.9.2 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAME...

OPENSUSE-SU-2024:12543-1 capnproto-0.10.3-1.1 on GA media

These are all security issues fixed in the capnproto-0.10.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

Heap overflow

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

UBUNTU-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVE-2022-44011

Summary (CVE-2022-44011) : An issue in ClickHouse allows an authenticated user (with the ability to load data) to trigger a heap buffer overflow and crash the server by inserting a malformed CapnProto object. This affects multiple branches/versions prior to the fixes and is mitigated by upgrading...

CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...