Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.10 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS6.7AI score0.01549EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/31 12:0 a.m.25 views

Ubuntu 20.04 LTS : ClickHouse vulnerabilities (USN-6933-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6933-1 advisory. It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cau...

8.8CVSS8.7AI score0.01646EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2022/11/09 12:0 a.m.28 views

Debian dla-3176 : clickhouse-client - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3176-1 [email protected]...

8.8CVSS8.7AI score0.01646EPSS
Exploits4References10
OpenVAS
OpenVAS
added 2022/11/05 12:0 a.m.21 views

Debian: Security Advisory (DLA-3176-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.5AI score0.01646EPSS
Exploits4References4
Debian
Debian
added 2022/11/04 6:11 a.m.34 views

[SECURITY] [DLA 3176-1] clickhouse security update

Debian LTS Advisory DLA-3176-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 03, 2022 https://wiki.debian.org/LTS Package : clickhouse Version : 18.16.1+ds-4+deb10u1 CVE ID : CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305 Debian Bug : 1008216...

8.8CVSS7.8AI score0.01646EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/03/16 7:53 a.m.53 views

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...

9.1CVSS1.5AI score0.54889EPSS
Exploits14
Debian CVE
Debian CVE
added 2022/03/14 12:0 a.m.60 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS8AI score0.01549EPSS
Exploits1
CVE
CVE
added 2022/03/14 12:0 a.m.132 views

CVE-2021-42387

CVE-2021-42387 affects ClickHouse. It describes a heap out-of-bounds read in the LZ4 compression codec during parsing a malicious query: a 16-bit unsigned offset read in LZ4::decompressImpl() is used to determine the copy length without checking the upper bounds of the source, potentially causing...

8.1CVSS8.2AI score0.01549EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder