Lucene search

K
osvGoogleOSV:CVE-2021-43305
HistoryMar 14, 2022 - 11:15 p.m.

CVE-2021-43305

2022-03-1423:15:00
Google
osv.dev
7
cve-2021-43305
clickhouse
lz4 compression

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

38.1%

Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

38.1%