Search criteria
27 vulnerabilities by ClickHouse
CVE-2025-52969 (GCVE-0-2025-52969)
Vulnerability from cvelistv5 – Published: 2025-06-23 00:00 – Updated: 2025-07-03 15:20
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-07-03T15:20:56.984Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52969",
"datePublished": "2025-06-23T00:00:00.000Z",
"dateRejected": "2025-07-03T15:20:56.984Z",
"dateReserved": "2025-06-23T00:00:00.000Z",
"dateUpdated": "2025-07-03T15:20:56.984Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16536 (GCVE-0-2019-16536)
Vulnerability from cvelistv5 – Published: 2025-05-21 07:13 – Updated: 2025-05-21 13:49
VLAI?
Summary
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Clickhouse | DB |
Affected:
19.14.3.3
(semver)
|
Credits
Eldar Zaitov of Yandex Information Security Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:49:29.127360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:49:34.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DB",
"vendor": "Clickhouse",
"versions": [
{
"status": "affected",
"version": "19.14.3.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eldar Zaitov of Yandex Information Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T07:13:15.603Z",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"url": "https://clickhouse.com/docs/whats-new/security-changelog"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow leading to DoS can be triggered by a malicious authenticated client.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16536",
"datePublished": "2025-05-21T07:13:15.603Z",
"dateReserved": "2019-09-19T00:00:00.000Z",
"dateUpdated": "2025-05-21T13:49:34.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1385 (GCVE-0-2025-1385)
Vulnerability from cvelistv5 – Published: 2025-03-20 07:13 – Updated: 2025-03-20 15:10
VLAI?
Summary
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on the ClickHouse server.
You can check if your ClickHouse server is vulnerable to this vulnerability by inspecting the configuration file and confirming if the following setting is enabled:
<library_bridge>
<port>9019</port>
</library_bridge>
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse OSS |
Affected:
24.3 , < 24.3.18.6
(custom)
Affected: 24.8 , < 24.8.14.27 (custom) Affected: 24.11 , < 24.11.5.34 (custom) Affected: 24.12 , < 24.12.5.65 (custom) Affected: 25.1 , < 25.1.5.5 (custom) |
Credits
Arseniy Dugin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T15:10:22.165918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T15:10:30.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ClickHouse/clickhouse",
"defaultStatus": "unaffected",
"modules": [
"clickhouse-library-bridge"
],
"packageName": "ClickHouse",
"product": "ClickHouse OSS",
"repo": "https://github.com/ClickHouse/clickhouse",
"vendor": "ClickHouse",
"versions": [
{
"lessThan": "24.3.18.6",
"status": "affected",
"version": "24.3",
"versionType": "custom"
},
{
"lessThan": "24.8.14.27",
"status": "affected",
"version": "24.8",
"versionType": "custom"
},
{
"lessThan": "24.11.5.34",
"status": "affected",
"version": "24.11",
"versionType": "custom"
},
{
"lessThan": "24.12.5.65",
"status": "affected",
"version": "24.12",
"versionType": "custom"
},
{
"lessThan": "25.1.5.5",
"status": "affected",
"version": "25.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arseniy Dugin"
}
],
"datePublic": "2025-03-20T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on the ClickHouse server.\u003c/p\u003e\u003cp\u003eYou can check if your ClickHouse server is vulnerable to this vulnerability by inspecting the configuration file and confirming if the following setting is enabled:\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003e\u003ccode\u003e\u0026lt;library_bridge\u0026gt;\n \u0026lt;port\u0026gt;9019\u0026lt;/port\u0026gt;\n\u0026lt;/library_bridge\u0026gt;\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits file uploads to specific directories, a misconfigured server can be exploited by an attacker with privilege to access to both table engines to execute arbitrary code on the ClickHouse server.\n\nYou can check if your ClickHouse server is vulnerable to this vulnerability by inspecting the configuration file and confirming if the following setting is enabled:\n\n\u003clibrary_bridge\u003e\n \u003cport\u003e9019\u003c/port\u003e\n\u003c/library_bridge\u003e"
}
],
"impacts": [
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-108 Command Line Execution through SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T07:13:34.577Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5phv-x8x4-83x5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"assignerShortName": "ClickHouse",
"cveId": "CVE-2025-1385",
"datePublished": "2025-03-20T07:13:34.577Z",
"dateReserved": "2025-02-17T02:21:00.085Z",
"dateUpdated": "2025-03-20T15:10:30.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41436 (GCVE-0-2024-41436)
Vulnerability from cvelistv5 – Published: 2024-09-03 00:00 – Updated: 2024-09-03 19:27
VLAI?
Summary
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "24.3.3.102"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41436",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:25:55.505080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:27:45.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:58:52.449034",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/issues/65520"
},
{
"url": "https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41436",
"datePublished": "2024-09-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-09-03T19:27:45.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6873 (GCVE-0-2024-6873)
Vulnerability from cvelistv5 – Published: 2024-08-01 15:57 – Updated: 2024-08-02 15:18
VLAI?
Summary
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.
Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit https://github.com/ClickHouse/ClickHouse/pull/64024 .
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
v23.8.0 , < v23.8.15.35-lts
(custom)
Affected: v24.3.0 , < v24.3.4.147-lts (custom) Affected: v24.4.0 , < v24.4.2.141-stable (custom) Affected: v24.5.0 , < v24.5.1.1763 (custom) Affected: v24.6.0 , < v24.6.1.4423-stable (custom) |
Credits
malacupa (Independent researcher)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T15:18:14.184641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:28.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "clickhouse",
"product": "ClickHouse",
"repo": "https://github.com/ClickHouse/clickhouse",
"vendor": "ClickHouse",
"versions": [
{
"lessThan": "v23.8.15.35-lts",
"status": "affected",
"version": "v23.8.0",
"versionType": "custom"
},
{
"lessThan": "v24.3.4.147-lts",
"status": "affected",
"version": "v24.3.0",
"versionType": "custom"
},
{
"lessThan": "v24.4.2.141-stable",
"status": "affected",
"version": "v24.4.0",
"versionType": "custom"
},
{
"lessThan": "v24.5.1.1763",
"status": "affected",
"version": "v24.5.0",
"versionType": "custom"
},
{
"lessThan": "v24.6.1.4423-stable",
"status": "affected",
"version": "v24.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "malacupa (Independent researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u0026nbsp;Fixes have been merged to all currently supported version of ClickHouse.\u0026nbsp;If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ClickHouse/ClickHouse/pull/64024\"\u003ehttps://github.com/ClickHouse/ClickHouse/pull/64024\u003c/a\u003e."
}
],
"value": "It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.\n\n\u00a0Fixes have been merged to all currently supported version of ClickHouse.\u00a0If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit\u00a0 https://github.com/ClickHouse/ClickHouse/pull/64024 ."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:57:41.585Z",
"orgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"shortName": "ClickHouse"
},
"references": [
{
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-432f-r822-j66f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched.\u003c/p\u003e"
}
],
"value": "ClickHouse recommends locking down native interface to trusted IP addresses only until the system is patched."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb7ba516-3b07-4c98-b0c2-715220f1a8f6",
"assignerShortName": "ClickHouse",
"cveId": "CVE-2024-6873",
"datePublished": "2024-08-01T15:57:25.304Z",
"dateReserved": "2024-07-18T03:24:47.800Z",
"dateUpdated": "2024-08-02T15:18:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22412 (GCVE-0-2024-22412)
Vulnerability from cvelistv5 – Published: 2024-03-18 20:51 – Updated: 2024-08-01 22:43
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
= 23.1
Affected: < 24.0.2.54535 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"lessThan": "24.0.2.54535",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:clickhouse:clickhouse:23.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clickhouse",
"vendor": "clickhouse",
"versions": [
{
"status": "affected",
"version": "23.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:15:45.594283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:17:44.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "= 23.1"
},
{
"status": "affected",
"version": "\u003c 24.0.2.54535"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn\u0027t have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T20:51:40.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/58611",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/58611"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015"
}
],
"source": {
"advisory": "GHSA-45h5-f7g3-gr8r",
"discovery": "UNKNOWN"
},
"title": "ClickHouse\u0027s Role-based Access Control is bypassed when query caching is enabled."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22412",
"datePublished": "2024-03-18T20:51:40.313Z",
"dateReserved": "2024-01-10T15:09:55.551Z",
"dateUpdated": "2024-08-01T22:43:34.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23689 (GCVE-0-2024-23689)
Vulnerability from cvelistv5 – Published: 2024-01-19 21:02 – Updated: 2025-11-29 02:03
VLAI?
Summary
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.
Severity ?
8.8 (High)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/ClickHouse/clickhouse-java/issues/1331"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/ClickHouse/clickhouse-java/pull/1334"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T23:56:00.497117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:24:57.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "com.clickhouse:clickhouse-r2dbc",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "com.clickhouse:clickhouse-jdbc",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "com.clickhouse:clickhouse-client",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clickhouse:java_libraries:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExposure of sensitive information in exceptions in ClichHouse\u0027s clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when \u0027sslkey\u0027 is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.\u003c/p\u003e"
}
],
"value": "Exposure of sensitive information in exceptions in ClichHouse\u0027s clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when \u0027sslkey\u0027 is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T02:03:14.990Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ClickHouse/clickhouse-java/issues/1331"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ClickHouse/clickhouse-java/pull/1334"
},
{
"tags": [
"related"
],
"url": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ClickHouse Client Certificate Password Exposure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-23689",
"datePublished": "2024-01-19T21:02:29.558Z",
"dateReserved": "2024-01-19T17:35:14.200Z",
"dateUpdated": "2025-11-29T02:03:14.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48704 (GCVE-0-2023-48704)
Vulnerability from cvelistv5 – Published: 2023-12-22 15:18 – Updated: 2024-08-02 21:37
VLAI?
Summary
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.9.2.47551
Affected: < 23.10.5.20 Affected: < 23.3.18.15 Affected: < 23.8.8.20 Affected: < 23.9.6.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.9.2.47551"
},
{
"status": "affected",
"version": "\u003c 23.10.5.20"
},
{
"status": "affected",
"version": "\u003c 23.3.18.15"
},
{
"status": "affected",
"version": "\u003c 23.8.8.20"
},
{
"status": "affected",
"version": "\u003c 23.9.6.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T15:18:12.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/57107",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/57107"
}
],
"source": {
"advisory": "GHSA-5rmf-5g48-xv63",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated heap buffer overflow in Gorrila codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48704",
"datePublished": "2023-12-22T15:18:12.846Z",
"dateReserved": "2023-11-17T19:43:37.554Z",
"dateUpdated": "2024-08-02T21:37:54.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48298 (GCVE-0-2023-48298)
Vulnerability from cvelistv5 – Published: 2023-12-21 23:07 – Updated: 2024-11-27 15:47
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
Severity ?
5.9 (Medium)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
<= 23.10.2.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:47:32.929815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:47:44.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c= 23.10.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T23:07:43.901Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/56795",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/56795"
}
],
"source": {
"advisory": "GHSA-qw9f-qv29-8938",
"discovery": "UNKNOWN"
},
"title": "Integer underflow leading to stack overflow in FPC codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48298",
"datePublished": "2023-12-21T23:07:43.901Z",
"dateReserved": "2023-11-14T17:41:15.571Z",
"dateUpdated": "2024-11-27T15:47:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47118 (GCVE-0-2023-47118)
Vulnerability from cvelistv5 – Published: 2023-12-20 16:30 – Updated: 2024-08-02 21:01
VLAI?
Summary
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
< 23.3.16.7-lts
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "\u003c 23.3.16.7-lts"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T16:30:21.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v"
}
],
"source": {
"advisory": "GHSA-g22g-p6q2-x39v",
"discovery": "UNKNOWN"
},
"title": "Heap buffer overflow in T64 codec decompression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47118",
"datePublished": "2023-12-20T16:30:21.942Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-08-02T21:01:22.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44011 (GCVE-0-2022-44011)
Vulnerability from cvelistv5 – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:56:19.267555",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44011",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44010 (GCVE-0-2022-44010)
Vulnerability from cvelistv5 – Published: 2023-11-23 00:00 – Updated: 2024-08-03 13:47
VLAI?
Summary
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T15:53:52.480658",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://clickhouse.com/docs/en/whats-new/security-changelog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44010",
"datePublished": "2023-11-23T00:00:00",
"dateReserved": "2022-10-29T00:00:00",
"dateUpdated": "2024-08-03T13:47:05.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42391 (GCVE-0-2021-42391)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:33",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42391",
"datePublished": "2022-03-14T22:20:33",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42390 (GCVE-0-2021-42390)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:31",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42390",
"datePublished": "2022-03-14T22:20:31",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42389 (GCVE-0-2021-42389)
Vulnerability from cvelistv5 – Published: 2022-03-14 22:20 – Updated: 2024-08-04 03:30
VLAI?
Summary
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T22:20:30",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jfrog.com",
"ID": "CVE-2021-42389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clickhouse",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "21.10.2.15-stable"
}
]
}
}
]
},
"vendor_name": "yandex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Divide-by-zero in Clickhouse\u0027s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms",
"refsource": "MISC",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42389",
"datePublished": "2022-03-14T22:20:30",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43304 (GCVE-0-2021-43304)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43304",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42387 (GCVE-0-2021-42387)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42387",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43305 (GCVE-0-2021-43305)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy\u003ccopy_amount\u003e(op, ip, copy_end), don\u2019t exceed the destination buffer\u2019s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-43305",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:29.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42388 (GCVE-0-2021-42388)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2024-08-04 03:30
VLAI?
Summary
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yandex | clickhouse |
Affected:
unspecified , < 21.10.2.15-stable
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clickhouse",
"vendor": "yandex",
"versions": [
{
"lessThan": "21.10.2.15-stable",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds read in Clickhouse\u0027s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (\u0027offset\u0027) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
},
{
"name": "[debian-lts-announce] 20221104 [SECURITY] [DLA 3176-1] clickhouse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-42388",
"datePublished": "2022-03-14T00:00:00",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15024 (GCVE-0-2019-15024)
Vulnerability from cvelistv5 – Published: 2019-12-30 14:39 – Updated: 2024-08-05 00:34
VLAI?
Summary
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
Severity ?
No CVSS data available.
CWE
- Arbitrary write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:39:00",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-15024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-15024",
"datePublished": "2019-12-30T14:39:00",
"dateReserved": "2019-08-13T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16535 (GCVE-0-2019-16535)
Vulnerability from cvelistv5 – Published: 2019-12-30 14:35 – Updated: 2024-08-05 01:17
VLAI?
Summary
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Severity ?
No CVSS data available.
CWE
- DOS, RCE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 19.14.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:40.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 19.14."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOS, RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T14:35:21",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2019-16535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 19.14."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS, RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2019-16535",
"datePublished": "2019-12-30T14:35:21",
"dateReserved": "2019-09-19T00:00:00",
"dateUpdated": "2024-08-05T01:17:40.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18657 (GCVE-0-2019-18657)
Vulnerability from cvelistv5 – Published: 2019-10-31 18:55 – Updated: 2024-08-05 01:54
VLAI?
Summary
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:55:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/6466",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/6466"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md"
},
{
"name": "https://github.com/ClickHouse/ClickHouse/pull/7526/files",
"refsource": "MISC",
"url": "https://github.com/ClickHouse/ClickHouse/pull/7526/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18657",
"datePublished": "2019-10-31T18:55:55",
"dateReserved": "2019-10-31T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14672 (GCVE-0-2018-14672)
Vulnerability from cvelistv5 – Published: 2019-08-15 17:54 – Updated: 2024-08-05 09:38
VLAI?
Summary
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
Severity ?
No CVSS data available.
CWE
- Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 18.12.13.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 18.12.13."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:54:05",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2018-14672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 18.12.13."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2018-14672",
"datePublished": "2019-08-15T17:54:05",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14671 (GCVE-0-2018-14671)
Vulnerability from cvelistv5 – Published: 2019-08-15 17:46 – Updated: 2024-08-05 09:38
VLAI?
Summary
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
All versions prior to version 18.10.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:12.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 18.10.3."
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:46:03",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2018-14671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 18.10.3."
}
]
}
}
]
},
"vendor_name": "ClickHouse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "CONFIRM",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2018-14671",
"datePublished": "2019-08-15T17:46:03",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:12.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14669 (GCVE-0-2018-14669)
Vulnerability from cvelistv5 – Published: 2019-08-15 17:39 – Updated: 2024-08-05 09:38
VLAI?
Summary
ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Severity ?
No CVSS data available.
CWE
- Local File Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 1.1.54390.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:12.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.1.54390."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClickHouse MySQL client before versions 1.1.54390 had \"LOAD DATA LOCAL INFILE\" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local File Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:39:30",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2018-14669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.1.54390."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClickHouse MySQL client before versions 1.1.54390 had \"LOAD DATA LOCAL INFILE\" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2018-14669",
"datePublished": "2019-08-15T17:39:30",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:12.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14668 (GCVE-0-2018-14668)
Vulnerability from cvelistv5 – Published: 2019-08-15 17:31 – Updated: 2024-08-05 09:38
VLAI?
Summary
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
Severity ?
No CVSS data available.
CWE
- Cross Protocol Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClickHouse |
Affected:
All versions prior to version 1.1.54388.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:12.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.1.54388."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ClickHouse before 1.1.54388, \"remote\" table function allowed arbitrary symbols in \"user\", \"password\" and \"default_database\" fields which led to Cross Protocol Request Forgery Attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Protocol Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:31:24",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2018-14668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.1.54388."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ClickHouse before 1.1.54388, \"remote\" table function allowed arbitrary symbols in \"user\", \"password\" and \"default_database\" fields which led to Cross Protocol Request Forgery Attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Protocol Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "MISC",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2018-14668",
"datePublished": "2019-08-15T17:31:24",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:12.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14670 (GCVE-0-2018-14670)
Vulnerability from cvelistv5 – Published: 2019-08-15 17:13 – Updated: 2024-08-05 09:38
VLAI?
Summary
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
Severity ?
No CVSS data available.
CWE
- Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ClickHouse | ClickHouse |
Affected:
All versions prior to version 1.1.54131.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClickHouse",
"vendor": "ClickHouse",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 1.1.54131."
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:13:39",
"orgId": "a51c9250-e584-488d-808b-03e6f1386796",
"shortName": "yandex"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "browser-security@yandex-team.ru",
"ID": "CVE-2018-14670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClickHouse",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 1.1.54131."
}
]
}
}
]
},
"vendor_name": "ClickHouse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://clickhouse.yandex/docs/en/security_changelog/",
"refsource": "CONFIRM",
"url": "https://clickhouse.yandex/docs/en/security_changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796",
"assignerShortName": "yandex",
"cveId": "CVE-2018-14670",
"datePublished": "2019-08-15T17:13:39",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}