8 matches found
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
Ubuntu 20.04 LTS : ClickHouse vulnerabilities (USN-6933-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6933-1 advisory. It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cau...
Debian dla-3176 : clickhouse-client - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3176-1 [email protected]...
Debian: Security Advisory (DLA-3176-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3176-1] clickhouse security update
Debian LTS Advisory DLA-3176-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 03, 2022 https://wiki.debian.org/LTS Package : clickhouse Version : 18.16.1+ds-4+deb10u1 CVE ID : CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305 Debian Bug : 1008216...
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42387
CVE-2021-42387 affects ClickHouse. It describes a heap out-of-bounds read in the LZ4 compression codec during parsing a malicious query: a 16-bit unsigned offset read in LZ4::decompressImpl() is used to determine the copy length without checking the upper bounds of the source, potentially causing...