Lucene search
+L

7 matches found

Tenable Nessus
Tenable Nessus
added 2022/11/09 12:0 a.m.28 views

Debian dla-3176 : clickhouse-client - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3176 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3176-1 [email protected]...

8.8CVSS8.7AI score0.01646EPSS
Exploits4References10
OpenVAS
OpenVAS
added 2022/11/05 12:0 a.m.21 views

Debian: Security Advisory (DLA-3176-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.5AI score0.01646EPSS
Exploits4References4
Debian
Debian
added 2022/11/04 6:11 a.m.58 views

[SECURITY] [DLA 3176-1] clickhouse security update

Debian LTS Advisory DLA-3176-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 03, 2022 https://wiki.debian.org/LTS Package : clickhouse Version : 18.16.1+ds-4+deb10u1 CVE ID : CVE-2021-42387 CVE-2021-42388 CVE-2021-43304 CVE-2021-43305 Debian Bug : 1008216...

8.8CVSS7.8AI score0.01646EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/03/16 7:53 a.m.54 views

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...

9.1CVSS1.5AI score0.54889EPSS
Exploits14
Cvelist
Cvelist
added 2022/03/14 12:0 a.m.31 views

CVE-2021-42388

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.2AI score0.01549EPSS
Exploits1References2
CVE
CVE
added 2022/03/14 12:0 a.m.130 views

CVE-2021-42388

CVE-2021-42388 affects ClickHouse’s LZ4 compression codec. In LZ4::decompressImpl(), a 16-bit unsigned offset is read from the compressed data and later used to determine a copy length without lower-bound source checks, causing a heap out-of-bounds read. This could enable crashes or memory-access...

8.1CVSS8.2AI score0.01549EPSS
Exploits1References2Affected Software1
ClickHouse
ClickHouse
added 2021/10/18 12:0 a.m.12 views

CVE-2021-42388

Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS5.3AI score0.01549EPSS
Exploits1
Rows per page
Query Builder