10 matches found
Fixed in ClickHouse v23.10.5.20, 2023-11-26
A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate...
CVE-2023-47118
A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...
Debian dla-3176 : clickhouse-client - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3176-1 [email protected]...
CVE-2021-42390
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42391
CVE-2021-42391 affects ClickHouse through a divide-by-zero flaw in the Gorilla compression codec. The vulnerability arises when parsing a malicious query: the first byte of the compressed buffer is used in a modulo operation without validating for zero, potentially causing denial of service. The ...
CVE-2021-43305
Summary : CVEs 2021-43304 and 2021-43305 describe heap/ buffer issues in ClickHouse’s LZ4 compression codec during parsing of crafted queries, due to unsafe copy bounds in LZ4::decompressImpl and the wildCopy function. The connected documents confirm a related set of advisories and mitigations ac...
Yandex ClickHouse 缓冲区错误漏洞
Yandex ClickHouse is a set of open source columnar databases for online analytical processing from the Russian company Yandex. Yandex ClickHouse suffers from a buffer error vulnerability that stems from a heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query...
PT-2021-23611 · Unknown +2 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: Clickhouse affected versions not specified Description: The issue is related to a divide-by-zero error in Clickhouse's Delta compression codec. This error occurs when parsing a malicious query, where the first byte of the compressed buffer is...
DSA-1471-1 libvorbis - several vulnerabilities
Bulletin has no description...