Search criteria
72 vulnerabilities found for clickhouse by clickhouse
CVE-2025-52969 (GCVE-0-2025-52969)
Vulnerability from cvelistv5 – Published: 2025-06-23 00:00 – Updated: 2025-07-03 15:20
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-07-03T15:20:56.984Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52969",
"datePublished": "2025-06-23T00:00:00.000Z",
"dateRejected": "2025-07-03T15:20:56.984Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-07-03T15:20:56.984Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16536 (GCVE-0-2019-16536)
Vulnerability from cvelistv5 – Published: 2025-05-21 07:13 – Updated: 2025-05-21 13:49
VLAI?
Summary
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Clickhouse | DB |
Affected:
19.14.3.3
(semver)
|
Credits
Eldar Zaitov of Yandex Information Security Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:49:29.127360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:49:34.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DB",
"vendor": "Clickhouse",
"versions": [
{
"status": "affected",
"version": "19.14.3.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eldar Zaitov of Yandex Information Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:13:15.603Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://clickhouse.com/docs/whats-new/security-changelog"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow leading to DoS can be triggered by a malicious authenticated client.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16536",
"datePublished": "2025-05-21T07:13:15.603Z",
"dateReserved": "2019-09-19T00:00:00.000Z",
"dateUpdated": "2025-05-21T13:49:34.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41436 (GCVE-0-2024-41436)
Vulnerability from cvelistv5 – Published: 2024-09-03 00:00 – Updated: 2024-09-03 19:27
VLAI?
Summary
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "24.3.3.102"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41436",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:25:55.505080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:27:45.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:58:52.449034",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/issues/65520"
},
{
"url": "https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41436",
"datePublished": "2024-09-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-09-03T19:27:45.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6873 (GCVE-0-2024-6873)
Vulnerability from cvelistv5 – Published: 2024-08-01 15:57 – Updated: 2024-08-02 15:18
VLAI?
Summary
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.
Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit https://github.com/ClickHouse/ClickHouse/pull/64024 .
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
v23.8.0 , < v23.8.15.35-lts
(custom)
Affected: v24.3.0 , < v24.3.4.147-lts (custom) Affected: v24.4.0 , < v24.4.2.141-stable (custom) Affected: v24.5.0 , < v24.5.1.1763 (custom) Affected: v24.6.0 , < v24.6.1.4423-stable (custom) |
Credits
malacupa (Independent researcher)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:18:14.184641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:28.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "clickhouse",
"product": "ClickHouse",
"repo": "https://github.com/ClickHouse/clickhouse",
"vendor": "ClickHouse",
"versions": [
{
"lessThan": "v23.8.15.35-lts",
"status": "affected",
"version": "v23.8.0",
"versionType": "custom"
},
{
"lessThan": "v24.3.4.147-lts",
"status": "affected",
"version": "v24.3.0",
"versionType": "custom"
},
{
"lessThan": "v24.4.2.141-stable",
"status": "affected",
"version": "v24.4.0",
"versionType": "custom"
},
{
"lessThan": "v24.5.1.1763",
"status": "affected",
"version": "v24.5.0",
"versionType": "custom"
},
{
"lessThan": "v24.6.1.4423-stable",
"status": "affected",
"version": "v24.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "malacupa (Independent researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u0026nbsp;Fixes have been merged to all currently supported version of ClickHouse.\u0026nbsp;If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ClickHouse/ClickHouse/pull/64024\"\u003ehttps://github.com/ClickHouse/ClickHouse/pull/64024\u003c/a\u003e."
}
],
"value": "It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\n\n\u00a0Fixes have been merged to all currently supported version of ClickHouse.\u00a0If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u00a0 https://github.com/ClickHouse/ClickHouse/pull/64024 ."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:57:41.585Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched.\u003c/p\u003e"
}
],
"value": "ClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"assignerShortName": "ClickHouse",
"cveId": "CVE-2024-6873",
"datePublished": "2024-08-01T15:57:25.304Z",
"dateReserved": "2024-07-18T03:24:47.800Z",
"dateUpdated": "2024-08-02T15:18:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22412 (GCVE-0-2024-22412)
Vulnerability from cvelistv5 – Published: 2024-03-18 20:51 – Updated: 2024-08-01 22:43
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
= 23.1
Affected: < 24.0.2.54535 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"lessThan": "24.0.2.54535",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:23.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "23.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:15:45.594283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:17:44.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "= 23.1"
},
{
"status": "affected",
"version": "\u003c 24.0.2.54535"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn\u0027t have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T20:51:40.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"source": {
"advisory": "GHSA-45h5-f7g3-gr8r",
"discovery": "UNKNOWN"
},
"title": "ClickHouse\u0027s Role-based Access Control is bypassed when query caching is enabled."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22412",
"datePublished": "2024-03-18T20:51:40.313Z",
"dateReserved": "2024-01-10T15:09:55.551Z",
"dateUpdated": "2024-08-01T22:43:34.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48704 (GCVE-0-2023-48704)
Vulnerability from cvelistv5 – Published: 2023-12-22 15:18 – Updated: 2024-08-02 21:37
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.9.2.47551
Affected: < 23.10.5.20 Affected: < 23.3.18.15 Affected: < 23.8.8.20 Affected: < 23.9.6.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.9.2.47551"
},
{
"status": "affected",
"version": "\u003c 23.10.5.20"
},
{
"status": "affected",
"version": "\u003c 23.3.18.15"
},
{
"status": "affected",
"version": "\u003c 23.8.8.20"
},
{
"status": "affected",
"version": "\u003c 23.9.6.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T15:18:12.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"source": {
"advisory": "GHSA-5rmf-5g48-xv63",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated heap buffer overflow in Gorrila codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48704",
"datePublished": "2023-12-22T15:18:12.846Z",
"dateReserved": "2023-11-17T19:43:37.554Z",
"dateUpdated": "2024-08-02T21:37:54.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48298 (GCVE-0-2023-48298)
Vulnerability from cvelistv5 – Published: 2023-12-21 23:07 – Updated: 2024-11-27 15:47
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
Severity ?
5.9 (Medium)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
<= 23.10.2.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:47:32.929815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:47:44.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c= 23.10.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T23:07:43.901Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"source": {
"advisory": "GHSA-qw9f-qv29-8938",
"discovery": "UNKNOWN"
},
"title": "Integer underflow leading to stack overflow in FPC codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48298",
"datePublished": "2023-12-21T23:07:43.901Z",
"dateReserved": "2023-11-14T17:41:15.571Z",
"dateUpdated": "2024-11-27T15:47:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47118 (GCVE-0-2023-47118)
Vulnerability from cvelistv5 – Published: 2023-12-20 16:30 – Updated: 2024-08-02 21:01
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.3.16.7-lts
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.3.16.7-lts"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T16:30:21.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"source": {
"advisory": "GHSA-g22g-p6q2-x39v",
"discovery": "UNKNOWN"
},
"title": "Heap buffer overflow in T64 codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47118",
"datePublished": "2023-12-20T16:30:21.942Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-08-02T21:01:22.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44011 (GCVE-0-2022-44011)
Vulnerability from cvelistv5 – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:56:19.267555",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44011",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44010 (GCVE-0-2022-44010)
Vulnerability from cvelistv5 – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:53:52.480658",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44010",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52969 (GCVE-0-2025-52969)
Vulnerability from nvd – Published: 2025-06-23 00:00 – Updated: 2025-07-03 15:20
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-07-03T15:20:56.984Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52969",
"datePublished": "2025-06-23T00:00:00.000Z",
"dateRejected": "2025-07-03T15:20:56.984Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-07-03T15:20:56.984Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16536 (GCVE-0-2019-16536)
Vulnerability from nvd – Published: 2025-05-21 07:13 – Updated: 2025-05-21 13:49
VLAI?
Summary
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Clickhouse | DB |
Affected:
19.14.3.3
(semver)
|
Credits
Eldar Zaitov of Yandex Information Security Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:49:29.127360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:49:34.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DB",
"vendor": "Clickhouse",
"versions": [
{
"status": "affected",
"version": "19.14.3.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eldar Zaitov of Yandex Information Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:13:15.603Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://clickhouse.com/docs/whats-new/security-changelog"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow leading to DoS can be triggered by a malicious authenticated client.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16536",
"datePublished": "2025-05-21T07:13:15.603Z",
"dateReserved": "2019-09-19T00:00:00.000Z",
"dateUpdated": "2025-05-21T13:49:34.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41436 (GCVE-0-2024-41436)
Vulnerability from nvd – Published: 2024-09-03 00:00 – Updated: 2024-09-03 19:27
VLAI?
Summary
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "24.3.3.102"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41436",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:25:55.505080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:27:45.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:58:52.449034",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/issues/65520"
},
{
"url": "https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41436",
"datePublished": "2024-09-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-09-03T19:27:45.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6873 (GCVE-0-2024-6873)
Vulnerability from nvd – Published: 2024-08-01 15:57 – Updated: 2024-08-02 15:18
VLAI?
Summary
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.
Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit https://github.com/ClickHouse/ClickHouse/pull/64024 .
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
v23.8.0 , < v23.8.15.35-lts
(custom)
Affected: v24.3.0 , < v24.3.4.147-lts (custom) Affected: v24.4.0 , < v24.4.2.141-stable (custom) Affected: v24.5.0 , < v24.5.1.1763 (custom) Affected: v24.6.0 , < v24.6.1.4423-stable (custom) |
Credits
malacupa (Independent researcher)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:18:14.184641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:28.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "clickhouse",
"product": "ClickHouse",
"repo": "https://github.com/ClickHouse/clickhouse",
"vendor": "ClickHouse",
"versions": [
{
"lessThan": "v23.8.15.35-lts",
"status": "affected",
"version": "v23.8.0",
"versionType": "custom"
},
{
"lessThan": "v24.3.4.147-lts",
"status": "affected",
"version": "v24.3.0",
"versionType": "custom"
},
{
"lessThan": "v24.4.2.141-stable",
"status": "affected",
"version": "v24.4.0",
"versionType": "custom"
},
{
"lessThan": "v24.5.1.1763",
"status": "affected",
"version": "v24.5.0",
"versionType": "custom"
},
{
"lessThan": "v24.6.1.4423-stable",
"status": "affected",
"version": "v24.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "malacupa (Independent researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u0026nbsp;Fixes have been merged to all currently supported version of ClickHouse.\u0026nbsp;If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ClickHouse/ClickHouse/pull/64024\"\u003ehttps://github.com/ClickHouse/ClickHouse/pull/64024\u003c/a\u003e."
}
],
"value": "It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\n\n\u00a0Fixes have been merged to all currently supported version of ClickHouse.\u00a0If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u00a0 https://github.com/ClickHouse/ClickHouse/pull/64024 ."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:57:41.585Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched.\u003c/p\u003e"
}
],
"value": "ClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"assignerShortName": "ClickHouse",
"cveId": "CVE-2024-6873",
"datePublished": "2024-08-01T15:57:25.304Z",
"dateReserved": "2024-07-18T03:24:47.800Z",
"dateUpdated": "2024-08-02T15:18:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22412 (GCVE-0-2024-22412)
Vulnerability from nvd – Published: 2024-03-18 20:51 – Updated: 2024-08-01 22:43
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
= 23.1
Affected: < 24.0.2.54535 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"lessThan": "24.0.2.54535",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:23.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "23.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:15:45.594283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:17:44.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "= 23.1"
},
{
"status": "affected",
"version": "\u003c 24.0.2.54535"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn\u0027t have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T20:51:40.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"source": {
"advisory": "GHSA-45h5-f7g3-gr8r",
"discovery": "UNKNOWN"
},
"title": "ClickHouse\u0027s Role-based Access Control is bypassed when query caching is enabled."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22412",
"datePublished": "2024-03-18T20:51:40.313Z",
"dateReserved": "2024-01-10T15:09:55.551Z",
"dateUpdated": "2024-08-01T22:43:34.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48704 (GCVE-0-2023-48704)
Vulnerability from nvd – Published: 2023-12-22 15:18 – Updated: 2024-08-02 21:37
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.9.2.47551
Affected: < 23.10.5.20 Affected: < 23.3.18.15 Affected: < 23.8.8.20 Affected: < 23.9.6.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.9.2.47551"
},
{
"status": "affected",
"version": "\u003c 23.10.5.20"
},
{
"status": "affected",
"version": "\u003c 23.3.18.15"
},
{
"status": "affected",
"version": "\u003c 23.8.8.20"
},
{
"status": "affected",
"version": "\u003c 23.9.6.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T15:18:12.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"source": {
"advisory": "GHSA-5rmf-5g48-xv63",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated heap buffer overflow in Gorrila codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48704",
"datePublished": "2023-12-22T15:18:12.846Z",
"dateReserved": "2023-11-17T19:43:37.554Z",
"dateUpdated": "2024-08-02T21:37:54.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48298 (GCVE-0-2023-48298)
Vulnerability from nvd – Published: 2023-12-21 23:07 – Updated: 2024-11-27 15:47
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
Severity ?
5.9 (Medium)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
<= 23.10.2.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:47:32.929815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:47:44.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c= 23.10.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T23:07:43.901Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"source": {
"advisory": "GHSA-qw9f-qv29-8938",
"discovery": "UNKNOWN"
},
"title": "Integer underflow leading to stack overflow in FPC codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48298",
"datePublished": "2023-12-21T23:07:43.901Z",
"dateReserved": "2023-11-14T17:41:15.571Z",
"dateUpdated": "2024-11-27T15:47:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47118 (GCVE-0-2023-47118)
Vulnerability from nvd – Published: 2023-12-20 16:30 – Updated: 2024-08-02 21:01
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.3.16.7-lts
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.3.16.7-lts"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T16:30:21.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"source": {
"advisory": "GHSA-g22g-p6q2-x39v",
"discovery": "UNKNOWN"
},
"title": "Heap buffer overflow in T64 codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47118",
"datePublished": "2023-12-20T16:30:21.942Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-08-02T21:01:22.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44011 (GCVE-0-2022-44011)
Vulnerability from nvd – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:56:19.267555",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44011",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44010 (GCVE-0-2022-44010)
Vulnerability from nvd – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:53:52.480658",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44010",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2019-16536
Vulnerability from fkie_nvd - Published: 2025-05-21 08:15 - Updated: 2025-06-25 14:33
Severity ?
Summary
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A535E755-6FEF-4851-987A-827717769D2D",
"versionEndExcluding": "19.14.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3."
},
{
"lang": "es",
"value": "Un desbordamiento de pila que provoca un DoS puede ser provocado por un cliente autenticado malicioso en Clickhouse antes de la versi\u00f3n 19.14.3.3."
}
],
"id": "CVE-2019-16536",
"lastModified": "2025-06-25T14:33:42.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
},
"published": "2025-05-21T08:15:26.233",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Release Notes"
],
"url": "https://clickhouse.com/docs/whats-new/security-changelog"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "browser-security@yandex-team.ru",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41436
Vulnerability from fkie_nvd - Published: 2024-09-03 19:15 - Updated: 2025-07-03 12:51
Severity ?
Summary
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016 | Third Party Advisory | |
| cve@mitre.org | https://github.com/ClickHouse/ClickHouse/issues/65520 | Exploit, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | 24.3.3.102 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:24.3.3.102:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF9BCEF-74CF-4BD0-8276-0A0764350AA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que ClickHouse v24.3.3.102 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del componente DB::evaluateConstantExpressionImpl."
}
],
"id": "CVE-2024-41436",
"lastModified": "2025-07-03T12:51:14.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-03T19:15:14.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/ClickHouse/ClickHouse/issues/65520"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-48704
Vulnerability from fkie_nvd - Published: 2023-12-22 16:15 - Updated: 2024-11-21 08:32
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F746FA-4DEB-4388-8AD1-A7601A950790",
"versionEndExcluding": "23.3.18.15",
"versionStartIncluding": "23.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20B40F1-6CCC-47CF-AD9F-C7C9EDBBCF4C",
"versionEndExcluding": "23.8.8.20",
"versionStartIncluding": "23.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70CC6D-81AB-4240-8A87-6B85D868240F",
"versionEndExcluding": "23.9.6.20",
"versionStartIncluding": "23.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B62252C-3C03-42F9-93B1-C5E8C772BD02",
"versionEndExcluding": "23.10.5.20",
"versionStartIncluding": "23.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A26EA007-5F97-4407-881C-036BC0EB9487",
"versionEndExcluding": "23.9.2.47551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
},
{
"lang": "es",
"value": "ClickHouse es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Se descubri\u00f3 un problema de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el servidor ClickHouse. Un atacante podr\u00eda enviar un payload especialmente manipulado a la interfaz nativa expuesta de forma predeterminada en el puerto 9000/tcp, lo que desencadenar\u00eda un error en la l\u00f3gica de descompresi\u00f3n del c\u00f3dec Gorilla que bloquear\u00eda el proceso del servidor ClickHouse. Este ataque no requiere autenticaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 23.9.2.47551 de ClickHouse Cloud y en las versiones 23.10.5.20, 23.3.18.15, 23.8.8.20 y 23.9.6.20 de ClickHouse."
}
],
"id": "CVE-2023-48704",
"lastModified": "2024-11-21T08:32:17.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-22T16:15:08.680",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-48298
Vulnerability from fkie_nvd - Published: 2023-12-21 23:15 - Updated: 2024-11-21 08:31
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3ACE71-E086-4AE4-99EE-42AD774EED64",
"versionEndIncluding": "23.3.17.13",
"versionStartIncluding": "23.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A32881DE-F775-4AC0-A88D-9BC7885D116E",
"versionEndIncluding": "23.8.7.24",
"versionStartIncluding": "23.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65BDEEEB-BC9D-4AA5-BE72-D0C67A88A3FA",
"versionEndIncluding": "23.9.5.29",
"versionStartIncluding": "23.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAC16B5-C710-4F5F-9E65-27E260D110A5",
"versionEndIncluding": "23.10.4.25",
"versionStartIncluding": "23.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D2CD6AA-64F5-4D44-B0CA-69A1F4416E16",
"versionEndIncluding": "23.9.2.47475",
"versionStartIncluding": "23.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
},
{
"lang": "es",
"value": "ClickHouse\u00ae es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Esta vulnerabilidad es un desbordamiento insuficiente de enteros que provoca un bloqueo debido al desbordamiento de b\u00fafer de pila en la descompresi\u00f3n del c\u00f3dec FPC. Puede ser desencadenado y explotado por un atacante no autenticado. La vulnerabilidad es muy similar a CVE-2023-47118 en cuanto a c\u00f3mo se puede explotar la funci\u00f3n vulnerable."
}
],
"id": "CVE-2023-48298",
"lastModified": "2024-11-21T08:31:26.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T23:15:09.047",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47118
Vulnerability from fkie_nvd - Published: 2023-12-20 17:15 - Updated: 2024-11-21 08:29
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "9F6DA246-2CAE-4275-9B8F-BB2B62552CB6",
"versionEndExcluding": "23.3.16.7",
"versionStartIncluding": "23.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "119AE2ED-89C2-4BAD-815E-E99C43100931",
"versionEndExcluding": "23.8.6.16",
"versionStartIncluding": "23.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FED37B9B-2283-4183-AFD5-0DFAE3977952",
"versionEndExcluding": "23.9.4.11",
"versionStartIncluding": "23.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5FD4A2-291E-432A-8597-1FFD90B6340D",
"versionEndExcluding": "23.10.2.13",
"versionStartIncluding": "23.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB5BAAB-45AC-456E-B617-43F0F9A22CAF",
"versionEndExcluding": "23.9.2.47475",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n"
},
{
"lang": "es",
"value": "ClickHouse\u00ae es un sistema de gesti\u00f3n de bases de datos orientado a columnas de c\u00f3digo abierto que permite generar informes de datos anal\u00edticos en tiempo real. Se descubri\u00f3 un problema de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el servidor ClickHouse. Un atacante podr\u00eda enviar un payload especialmente manipulado a la interfaz nativa expuesta de forma predeterminada en el puerto 9000/tcp, lo que desencadenar\u00eda un error en la l\u00f3gica de descompresi\u00f3n del c\u00f3dec T64 que bloquear\u00eda el proceso del servidor ClickHouse. Este ataque no requiere autenticaci\u00f3n. Tenga en cuenta que esta explotaci\u00f3n tambi\u00e9n se puede activar a trav\u00e9s del protocolo HTTP; sin embargo, el atacante necesitar\u00e1 unas credenciales v\u00e1lidas ya que la autenticaci\u00f3n HTTP se realiza primero. Este problema se solucion\u00f3 en la versi\u00f3n 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts y 23.3.16.7-lts."
}
],
"id": "CVE-2023-47118",
"lastModified": "2024-11-21T08:29:48.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-20T17:15:08.623",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-44011
Vulnerability from fkie_nvd - Published: 2023-11-23 16:15 - Updated: 2024-11-21 07:27
Severity ?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E491243-850E-42B0-93C1-02A5006E76CC",
"versionEndExcluding": "22.3.12.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC646C1-A2E2-4E6F-9312-2AF2B3FAED29",
"versionEndExcluding": "22.6.6.16",
"versionStartIncluding": "22.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2129D28D-F5C8-4824-819B-E27AF634C6BA",
"versionEndExcluding": "22.7.4.16",
"versionStartIncluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7994FF-D269-4F8A-9388-B60BC23A6EA6",
"versionEndExcluding": "22.8.2.11",
"versionStartIncluding": "22.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391AC13C-E2F6-4824-AC29-081AF879666A",
"versionEndExcluding": "22.9.1.2603",
"versionStartIncluding": "22.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un usuario autenticado (con la capacidad de cargar datos) podr\u00eda provocar un desbordamiento del b\u00fafer del heap y bloquear el servidor al insertar un objeto CapnProto con formato incorrecto. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19."
}
],
"id": "CVE-2022-44011",
"lastModified": "2024-11-21T07:27:31.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T16:15:07.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://clickhouse.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://clickhouse.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-44010
Vulnerability from fkie_nvd - Published: 2023-11-23 16:15 - Updated: 2024-11-21 07:27
Severity ?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * | |
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E491243-850E-42B0-93C1-02A5006E76CC",
"versionEndExcluding": "22.3.12.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC646C1-A2E2-4E6F-9312-2AF2B3FAED29",
"versionEndExcluding": "22.6.6.16",
"versionStartIncluding": "22.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2129D28D-F5C8-4824-819B-E27AF634C6BA",
"versionEndExcluding": "22.7.4.16",
"versionStartIncluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7994FF-D269-4F8A-9388-B60BC23A6EA6",
"versionEndExcluding": "22.8.2.11",
"versionStartIncluding": "22.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391AC13C-E2F6-4824-AC29-081AF879666A",
"versionEndExcluding": "22.9.1.2603",
"versionStartIncluding": "22.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ClickHouse antes del 22.9.1.2603. Un atacante podr\u00eda enviar una solicitud HTTP manipulada al endpoint HTTP (normalmente escuchando en el puerto 8123 de forma predeterminada), lo que provocar\u00eda un desbordamiento del b\u00fafer basado en el mont\u00f3n que bloquear\u00eda el proceso. Esto no requiere autenticaci\u00f3n. Las versiones corregidas son 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16 y 22.3.12.19."
}
],
"id": "CVE-2022-44010",
"lastModified": "2024-11-21T07:27:31.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T16:15:07.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42390
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
},
{
"lang": "es",
"value": "Una divisi\u00f3n por cero en el c\u00f3dec de compresi\u00f3n DeltaDouble de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del b\u00fafer comprimido es usado en una operaci\u00f3n de m\u00f3dulo sin que sea comprobado el 0"
}
],
"id": "CVE-2021-42390",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.067",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42391
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
},
{
"lang": "es",
"value": "Una divisi\u00f3n por cero en el c\u00f3dec de compresi\u00f3n Gorilla de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del b\u00fafer comprimido es usado en una operaci\u00f3n de m\u00f3dulo sin que sea comprobado el 0"
}
],
"id": "CVE-2021-42391",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.113",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-43305
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| reefs@jfrog.com | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer de la pila en el c\u00f3dec de compresi\u00f3n LZ4 de Clickhouse cuando es analizada una consulta maliciosa. No es verificado que las operaciones de copia en el bucle LZ4::decompressImpl y especialmente la operaci\u00f3n de copia arbitraria wildCopy(copy_amount)(op, ip, copy_end), no excedan los l\u00edmites del buffer de destino. Este problema es muy similar a CVE-2021-43304, pero la operaci\u00f3n de copia vulnerable es encontrada en una llamada wildCopy diferente"
}
],
"id": "CVE-2021-43305",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.203",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}