3256 matches found
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
The CVE-2023-48704 issue affects ClickHouse server and is caused by a heap buffer overflow in the Gorilla codec decompression logic. An unauthenticated attacker can send a crafted payload to the native interface (default port 9000/tcp) to crash the ClickHouse server. Public details in connected s...
CVE-2023-48298
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
Design/Logic Flaw
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...
CVE-2023-48298
CVE-2023-48298 affects ClickHouse, specifically the FPC codec decompression path. The issue is an integer underflow that can crash the server via a stack buffer overflow, exploitable by an unauthenticated attacker. The vulnerability is described as similar to CVE-2023-47118; no explicit remediati...
CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-28465
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...
Directory traversal
The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...
Health Level 7 Security Vulnerability
Health Level 7 is a series of global standards for transferring clinical and administrative health data between applications from Health Level 7, Inc. A security vulnerability exists in Health Level 7 versions prior to 5.6.106 that stems from a package decompression feature in the core library th...
Denial Of Service (DoS)
gst-plugins-good is vulnerable to Denial of Service (DoS). The vulnerability arises from an integer overflow in the matroskademux element within the bzip decompression function, leading to a potential segmentation fault or the risk of a heap overwrite...
Denial Of Service (DoS)
gst-plugins-good is vulnerable to Denial of Service (DoS). The vulnerability stems from an integer overflow in the matroskademux element within the LZO decompression function, potentially causing a segmentation fault or the risk of a heap overwrite during MKV demuxing using LZO decompression...
The vulnerability lies in the implementation of “chain” compression mechanisms in the HTTP utility tool cURL, which allows an attacker to trigger a service failure.
The vulnerability in the “chain” compression mechanism implemented in the cURL command-line utility relates to the ability to perform an infinite number of decompression steps on server HTTP responses, which can lead to uncontrolled memory consumption. Exploiting this vulnerability allows a remot...
Rocky Linux 8 : brotli (RLSA-2021:1702)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1702 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression request to a...