← Back

CVE-2023-48298

nvd nist
Published: Dec 21, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.

Affected (5)

Clickhouse
2 products
Clickhouse
Clickhouse Cloud
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Clickhouse
Clickhouse
From 23.10 to 23.10.4.25
Clickhouse
From 23.3 to 23.3.17.13
Clickhouse
From 23.8 to 23.8.7.24
Clickhouse
From 23.9 to 23.9.5.29
Clickhouse Cloud
From 23.9 to 23.9.2.47475

Related CWEs

CWE-191
Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (4)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.