CVE-2019-16535

EPSS 1.07%
Veröffentlicht 30.12.2019 15:15:10
Zuletzt bearbeitet 25.06.2025 20:48:54
Quelle browser-security@yandex-team.r
Teams Watchlist Login
Unerledigt Login

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clickhouse ≫ Clickhouse Version < 19.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://clickhouse.yandex/docs/en/security_changelog/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-16535

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16535

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16535

EUVD