13 matches found
EUVD-2025-6783
Malicious code in bioql PyPI...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2025-1385 Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2024-6873 Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time o...
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
The CVE-2023-48704 issue affects ClickHouse server and is caused by a heap buffer overflow in the Gorilla codec decompression logic. An unauthenticated attacker can send a crafted payload to the native interface (default port 9000/tcp) to crash the ClickHouse server. Public details in connected s...
CVE-2023-47118 Heap buffer overflow in T64 codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
PT-2023-30912 · Unknown +1 · Gorilla Codec +2
Name of the Vulnerable Software and Affected Versions: ClickHouse versions 23.3.18.15, 23.8.8.20, 23.9.6.20, 23.10.5.20 ClickHouse Cloud version 23.9.2.47551 Description: A heap buffer overflow issue was discovered in the ClickHouse server, allowing an attacker to send a specially crafted payload...
CVE-2023-48298
An integer underflow vulnerability in the FPC compressions codec. An attacker can use it to cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has been pushed to the following open-source versions: v23.10.4.25, v23.9.5.29,...
CVE-2022-44010
A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted HTTP request to the HTTP Endpoint listening on port 8123 by default, causing a heap-based buffer overflow that crashes the ClickHouse server process. This attack does not require...
CVE-2022-44011
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object. Fix has been pushed to version 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19...