CVE-2022-44011

Published: Nov 23, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Affected (5)

Products: Clickhouse: Clickhouse

Clickhouse

1 product

Clickhouse

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Clickhouse Clickhouse	Before 22.3.12.19
Clickhouse Clickhouse	From 22.6 to 22.6.6.16
Clickhouse Clickhouse	From 22.7 to 22.7.4.16
Clickhouse Clickhouse	From 22.8 to 22.8.2.11
Clickhouse Clickhouse	From 22.9 to 22.9.1.2603

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://clickhouse.com

Source: cve@mitre.org

Product

https://clickhouse.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.