← Back

CVE-2024-41436

nvd nist
Published: Sep 3, 2024Modified: Jul 3, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.

Affected (1)

Clickhouse
1 product
Clickhouse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Clickhouse
Version 24.3.3.102

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitIssue Tracking

Timeline

No history available yet.