Search CVE reports
1 – 10 of 18 results
CVE-2024-41436
Medium priorityClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | — | — |
CVE-2024-6873
Medium priorityIt is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Not in release | Not in release |
CVE-2024-22412
Medium priorityClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | — | — |
CVE-2023-48704
Medium priorityClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
CVE-2023-48298
Medium priorityClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
CVE-2023-47118
Medium priorityClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
CVE-2022-44011
Medium priorityAn issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
CVE-2022-44010
Medium priorityAn issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
CVE-2021-43305
Medium prioritySome fixes available 1 of 4
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | Not affected | — | Fixed | — | — |
CVE-2021-43304
Medium priorityHeap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy...
1 affected packages
clickhouse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
clickhouse | — | — | Not affected | — | Ignored |