Debian Security Bug TrackerDEBIANCVE:CVE-2023-48298CVE-2023-48298
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.6%
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | clickhouse | <= 18.16.1+ds-7.3 | clickhouse_18.16.1+ds-7.3_all.deb |
| Debian | 11 | all | clickhouse | <= 18.16.1+ds-7.2+deb11u1 | clickhouse_18.16.1+ds-7.2+deb11u1_all.deb |
| Debian | 999 | all | clickhouse | <= 18.16.1+ds-7.4 | clickhouse_18.16.1+ds-7.4_all.deb |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.6%