7 matches found
Debian dla-3176 : clickhouse-client - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3176-1 [email protected]...
Debian: Security Advisory (DLA-3176-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3176-1] clickhouse security update
Debian LTS Advisory DLA-3176-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 03, 2022 https://wiki.debian.org/LTS Package : clickhouse Version : 18.16.1+ds-4+deb10u1 CVE ID : CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305 Debian Bug : 1008216...
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...
CVE-2021-42388
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-42388
CVE-2021-42388 affects ClickHouse’s LZ4 compression codec. In LZ4::decompressImpl(), a 16-bit unsigned offset is read from the compressed data and later used to determine a copy length without lower-bound source checks, causing a heap out-of-bounds read. This could enable crashes or memory-access...
CVE-2021-42388
Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...