
10 matches found

ClickHouse
added 2023/11/26 12:0 a.m. · 8 views

CVE-2023-47118

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...

CVSS 9.8 · AI score 5.8 · EPSS 0.00387
Exploits: 0
ClickHouse
added 2023/11/26 12:0 a.m. · 26 views

Fixed in ClickHouse v23.10.5.20, 2023-11-26

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate...

AI score 7.5
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2022/11/09 12:0 a.m. · 25 views

Debian dla-3176 : clickhouse-client - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. Debian LTS Advisory DLA-3176-1 [email protected]...

CVSS 8.8 · AI score 8.7 · EPSS 0.00281
Exploits: 4 · References: 10
NVD
added 2022/03/14 11:15 p.m. · 18 views

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVSS 6.5 · EPSS 0.0055
Exploits: 1 · References: 1
NVD
added 2022/03/14 11:15 p.m. · 16 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

CVSS 8.1 · EPSS 0.00241
Exploits: 1 · References: 2
CVE
added 2022/03/14 10:20 p.m. · 100 views

CVE-2021-42391

CVE-2021-42391 affects ClickHouse through a divide-by-zero flaw in the Gorilla compression codec. The vulnerability arises when parsing a malicious query: the first byte of the compressed buffer is used in a modulo operation without validating for zero, potentially causing denial of service. The ...

CVSS 6.5 · AI score 6.8 · EPSS 0.0058
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2022/03/14 12:0 a.m. · 133 views

CVE-2021-43305

Summary: CVEs 2021-43304 and 2021-43305 describe heap/buffer issues in ClickHouse’s LZ4 compression codec during parsing of crafted queries, due to unsafe copy bounds in LZ4::decompressImpl and the wildCopy function. The connected documents confirm a related set of advisories and mitigations ac...

CVSS 8.8 · AI score 8.6 · EPSS 0.00281
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2022/03/14 12:0 a.m. · 4 views

Yandex ClickHouse buffer error vulnerability

Yandex ClickHouse is a set of open source columnar databases for online analytical processing from the Russian company Yandex. Yandex ClickHouse suffers from a buffer error vulnerability that stems from a heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query...

CVSS 8.1 · AI score 8.1 · EPSS 0.00241
Exploits: 1 · References: 6
Positive Technologies
added 2021/10/18 12:0 a.m. · 1 views

PT-2021-23611 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: Clickhouse, affected versions not specified. Description: The issue is related to a divide-by-zero error in Clickhouse's Delta compression codec. This error occurs when parsing a malicious query, where the first byte of the compressed buffer is...

CVSS 8.8 · AI score 6.9 · EPSS 0.0058
Exploits: 7 · References: 21
OSV
added 2008/01/21 12:0 a.m. · 15 views

DSA-1471-1 libvorbis - several vulnerabilities

Bulletin has no description...

CVSS 6.8 · AI score 6.2 · EPSS 0.05632
Exploits: 0