Lucene search
ClickHouseCH:6F5AFB084EEB9727F9BB1EF292640808HistoryOct 18, 2021 - 12:00 a.m.
Fixed in ClickHouse 21.10.2.15, 2021-10-18
2021-10-1800:00:00
83
clickhouse
buffer overflow
lz4
compression
malicious query
verification
copy operations
destination buffer's limits
EPSS
0.001
Percentile
38.1%
Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Related
nvd
nvd
CVE-2021-43304
2022-03-14 23:15:08
CVE-2021-43305
2022-03-14 23:15:08
cve
cve
CVE-2021-43304
2022-03-14 23:15:08
CVE-2021-43305
2022-03-14 23:15:08
cvelist
cvelist
CVE-2021-43304
2022-03-14 00:00:00
CVE-2021-43305
2022-03-14 00:00:00
osv
osv
CVE-2021-43304
2022-03-14 23:15:08
CVE-2021-43305
2022-03-14 23:15:00
clickhouse - security update
2022-11-03 00:00:00
ubuntucve
ubuntucve
CVE-2021-43304
2022-03-14 00:00:00
CVE-2021-43305
2022-03-14 00:00:00
prion
prion
Heap overflow
2022-03-14 23:15:00
Heap overflow
2022-03-14 23:15:00
debiancve
debiancve
CVE-2021-43304
2022-03-14 23:15:08
CVE-2021-43305
2022-03-14 23:15:08
openvas
openvas
Debian: Security Advisory (DLA-3176-1)
2022-11-05 00:00:00
debian
debian
[SECURITY] [DLA 3176-1] clickhouse security update
2022-11-04 06:11:35
nessus
nessus
Debian DLA-3176-1 : clickhouse - LTS security update
2022-11-09 00:00:00
thn
thn
Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data
2022-03-16 07:53:00