CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.4%
ClickHouse® is an open-source column-oriented database management system
that allows generating analytical data reports in real-time. This
vulnerability is an integer underflow resulting in crash due to stack
buffer overflow in decompression of FPC codec. It can be triggered and
exploited by an unauthenticated attacker. The vulnerability is very similar
to CVE-2023-47118 with how the vulnerable function can be exploited.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | clickhouse | < any | UNKNOWN |
ubuntu | 24.04 | noarch | clickhouse | < any | UNKNOWN |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.4%