Search criteria
45 vulnerabilities found for clickhouse by yandex
FKIE_CVE-2021-42390
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
},
{
"lang": "es",
"value": "Una divisi\u00f3n por cero en el c\u00f3dec de compresi\u00f3n DeltaDouble de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del b\u00fafer comprimido es usado en una operaci\u00f3n de m\u00f3dulo sin que sea comprobado el 0"
}
],
"id": "CVE-2021-42390",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.067",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42391
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
},
{
"lang": "es",
"value": "Una divisi\u00f3n por cero en el c\u00f3dec de compresi\u00f3n Gorilla de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del b\u00fafer comprimido es usado en una operaci\u00f3n de m\u00f3dulo sin que sea comprobado el 0"
}
],
"id": "CVE-2021-42391",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.113",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-43305
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| reefs@jfrog.com | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer de la pila en el c\u00f3dec de compresi\u00f3n LZ4 de Clickhouse cuando es analizada una consulta maliciosa. No es verificado que las operaciones de copia en el bucle LZ4::decompressImpl y especialmente la operaci\u00f3n de copia arbitraria wildCopy(copy_amount)(op, ip, copy_end), no excedan los l\u00edmites del buffer de destino. Este problema es muy similar a CVE-2021-43304, pero la operaci\u00f3n de copia vulnerable es encontrada en una llamada wildCopy diferente"
}
],
"id": "CVE-2021-43305",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.203",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-43304
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| reefs@jfrog.com | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits."
},
{
"lang": "es",
"value": "Un Desbordamiento del b\u00fafer de la pila en el c\u00f3dec de compresi\u00f3n LZ4 de Clickhouse cuando es analizada una consulta maliciosa. No es verificado que las operaciones de copia en el bucle LZ4::decompressImpl y especialmente la operaci\u00f3n de copia arbitraria wildCopy(copy_amount)(op, ip, copy_end), no excedan los l\u00edmites del buffer de destino"
}
],
"id": "CVE-2021-43304",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.157",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42389
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
},
{
"lang": "es",
"value": "Una divisi\u00f3n por cero en el c\u00f3dec de compresi\u00f3n Delta de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del b\u00fafer comprimido es usado en una operaci\u00f3n de m\u00f3dulo sin que sea comprobado el 0"
}
],
"id": "CVE-2021-42389",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:08.017",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42387
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| reefs@jfrog.com | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation."
},
{
"lang": "es",
"value": "Una lectura fuera de l\u00edmites de la pila en el c\u00f3dec de compresi\u00f3n LZ4 de Clickhouse cuando es analizada una consulta maliciosa. Como parte del bucle LZ4::decompressImpl(), es le\u00eddo un valor de 16 bits sin signo proporcionado por el usuario (\"offset\") de los datos comprimidos. El offset es usado posteriormente en la longitud de una operaci\u00f3n de copia, sin comprobar los l\u00edmites superiores del origen de la operaci\u00f3n de copia"
}
],
"id": "CVE-2021-42387",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:07.917",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42388
Vulnerability from fkie_nvd - Published: 2022-03-14 23:15 - Updated: 2025-06-25 20:49
Severity ?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| reefs@jfrog.com | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4",
"versionEndExcluding": "21.10.2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation."
},
{
"lang": "es",
"value": "Una lectura fuera de l\u00edmites de la pila en el c\u00f3dec de compresi\u00f3n LZ4 de Clickhouse cuando es analizada una consulta maliciosa. Como parte del bucle LZ4::decompressImpl(), es le\u00eddo un valor de 16 bits sin signo proporcionado por el usuario (\"offset\") de los datos comprimidos. El offset es usado posteriormente en la longitud de una operaci\u00f3n de copia, sin comprobar los l\u00edmites inferiores del origen de la operaci\u00f3n de copia"
}
],
"id": "CVE-2021-42388",
"lastModified": "2025-06-25T20:49:29.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T23:15:07.970",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15024
Vulnerability from fkie_nvd - Published: 2019-12-30 15:15 - Updated: 2025-06-25 20:48
Severity ?
Summary
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A87EE0-3F9C-430F-BE8B-589249318B6D",
"versionEndExcluding": "19.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
},
{
"lang": "es",
"value": "En todas las versiones de ClickHouse anteriores a la versi\u00f3n 19.14.3, un atacante que tiene acceso de escritura a ZooKeeper y es capaz de ejecutar un servidor personalizado disponible desde la red donde se ejecuta ClickHouse, puede crear un servidor malicioso personalizado que actuar\u00e1 como una r\u00e9plica de ClickHouse y reg\u00edstralo en ZooKeeper. Cuando otra r\u00e9plica buscar\u00e1 parte de datos de la r\u00e9plica maliciosa, puede obligar a clickhouse-server a escribir en una ruta arbitraria en el sistema de archivos."
}
],
"id": "CVE-2019-15024",
"lastModified": "2025-06-25T20:48:54.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-30T15:15:10.580",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-16535
Vulnerability from fkie_nvd - Published: 2019-12-30 15:15 - Updated: 2025-06-25 20:48
Severity ?
Summary
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC82E11-2D27-44B0-ABEB-B3320F17F982",
"versionEndExcluding": "19.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
},
{
"lang": "es",
"value": "En todas las versiones de ClickHouse anteriores a la versi\u00f3n 19.14, una lectura OOB, escritura OOB y un desbordamiento de enteros en algoritmos de descompresi\u00f3n pueden ser usados para lograr una RCE o DoS por medio del protocolo nativo."
}
],
"id": "CVE-2019-16535",
"lastModified": "2025-06-25T20:48:54.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-30T15:15:10.673",
"references": [
{
"source": "browser-security@yandex-team.ru",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"sourceIdentifier": "browser-security@yandex-team.ru",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-191"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18657
Vulnerability from fkie_nvd - Published: 2019-10-31 19:15 - Updated: 2025-06-25 20:48
Severity ?
Summary
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md | Third Party Advisory | |
| cve@mitre.org | https://github.com/ClickHouse/ClickHouse/pull/6466 | Third Party Advisory | |
| cve@mitre.org | https://github.com/ClickHouse/ClickHouse/pull/7526/files | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ClickHouse/ClickHouse/pull/6466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ClickHouse/ClickHouse/pull/7526/files | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clickhouse | clickhouse | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "675FD06D-3CBE-4CE5-8714-BDFDC9B8DBAF",
"versionEndExcluding": "19.13.5.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
},
{
"lang": "es",
"value": "ClickHouse versiones anteriores a 19.13.5.44, permite una inyecci\u00f3n de encabezado HTTP por medio de la funci\u00f3n url table."
}
],
"id": "CVE-2019-18657",
"lastModified": "2025-06-25T20:48:54.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-31T19:15:12.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-42391 (GCVE-0-2021-42391)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:33",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42391",
"datePublished": "2022-03-14T22:20:33",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42390 (GCVE-0-2021-42390)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:31",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42390",
"datePublished": "2022-03-14T22:20:31",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42389 (GCVE-0-2021-42389)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:30",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42389",
"datePublished": "2022-03-14T22:20:30",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43304 (GCVE-0-2021-43304)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43304",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43305 (GCVE-0-2021-43305)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43305",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:29.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42387 (GCVE-0-2021-42387)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42387",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42388 (GCVE-0-2021-42388)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42388",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15024 (GCVE-0-2019-15024)
Vulnerability from cvelistv5 – Published: 2019-12-30 14:39 – Updated: 2024-08-05 00:34
VLAI?
Summary
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
Severity ?
No CVSS data available.
CWE
- Arbitrary write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:39:00",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-15024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-15024",
"datePublished": "2019-12-30T14:39:00",
"dateReserved": "2019-08-13T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16535 (GCVE-0-2019-16535)
Vulnerability from cvelistv5 – Published: 2019-12-30 14:35 – Updated: 2024-08-05 01:17
VLAI?
Summary
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Severity ?
No CVSS data available.
CWE
- DOS, RCE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:40.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOS, RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:35:21",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-16535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS, RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16535",
"datePublished": "2019-12-30T14:35:21",
"dateReserved": "2019-09-19T00:00:00",
"dateUpdated": "2024-08-05T01:17:40.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18657 (GCVE-0-2019-18657)
Vulnerability from cvelistv5 – Published: 2019-10-31 18:55 – Updated: 2024-08-05 01:54
VLAI?
Summary
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:55:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/6466",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/7526/files",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18657",
"datePublished": "2019-10-31T18:55:55",
"dateReserved": "2019-10-31T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42391 (GCVE-0-2021-42391)
Vulnerability from nvd – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:33",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42391",
"datePublished": "2022-03-14T22:20:33",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42390 (GCVE-0-2021-42390)
Vulnerability from nvd – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:31",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42390",
"datePublished": "2022-03-14T22:20:31",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42389 (GCVE-0-2021-42389)
Vulnerability from nvd – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:30",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42389",
"datePublished": "2022-03-14T22:20:30",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43304 (GCVE-0-2021-43304)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43304",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43305 (GCVE-0-2021-43305)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43305",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:29.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42387 (GCVE-0-2021-42387)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42387",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42388 (GCVE-0-2021-42388)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42388",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15024 (GCVE-0-2019-15024)
Vulnerability from nvd – Published: 2019-12-30 14:39 – Updated: 2024-08-05 00:34
VLAI?
Summary
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
Severity ?
No CVSS data available.
CWE
- Arbitrary write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:39:00",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-15024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-15024",
"datePublished": "2019-12-30T14:39:00",
"dateReserved": "2019-08-13T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16535 (GCVE-0-2019-16535)
Vulnerability from nvd – Published: 2019-12-30 14:35 – Updated: 2024-08-05 01:17
VLAI?
Summary
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Severity ?
No CVSS data available.
CWE
- DOS, RCE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:40.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOS, RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:35:21",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-16535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS, RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16535",
"datePublished": "2019-12-30T14:35:21",
"dateReserved": "2019-09-19T00:00:00",
"dateUpdated": "2024-08-05T01:17:40.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18657 (GCVE-0-2019-18657)
Vulnerability from nvd – Published: 2019-10-31 18:55 – Updated: 2024-08-05 01:54
VLAI?
Summary
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:55:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/6466",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/7526/files",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18657",
"datePublished": "2019-10-31T18:55:55",
"dateReserved": "2019-10-31T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}