Note:
This project will be discontinued after December 13, 2021. [more]
2019-12-30
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Products | Clickhouse |
Type | Out-of-bounds Read (CWE-125) Integer Underflow (Wrap or Wraparound) (CWE-191) Out-of-bounds Write (CWE-787) |
First patch | - None (likely due to unavailable code) |
Links | https://clickhouse.yandex/docs/en/security_changelog/ |