Clickhouse

Clickhouse

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.8

CVE-2025-52969

  • EPSS 0.01%
  • Veröffentlicht 23.06.2025 00:00:00
  • Zuletzt bearbeitet 03.07.2025 16:15:23

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

7.5

CVE-2025-1385

  • EPSS 0.15%
  • Veröffentlicht 20.03.2025 07:13:34
  • Zuletzt bearbeitet 20.03.2025 08:15:11

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the Cli...

7.5

CVE-2024-41436

Exploit
  • EPSS 0.2%
  • Veröffentlicht 03.09.2024 19:15:14
  • Zuletzt bearbeitet 03.07.2025 12:51:14

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.

8.1

CVE-2024-6873

  • EPSS 1.65%
  • Veröffentlicht 01.08.2024 16:15:07
  • Zuletzt bearbeitet 01.08.2024 16:45:25

It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available ...

2.4

CVE-2024-22412

  • EPSS 0.01%
  • Veröffentlicht 18.03.2024 21:15:06
  • Zuletzt bearbeitet 21.11.2024 08:56:14

ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access co...

7.5

CVE-2023-48704

  • EPSS 0.36%
  • Veröffentlicht 22.12.2023 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:32:17

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload ...

7.5

CVE-2023-48298

  • EPSS 0.47%
  • Veröffentlicht 21.12.2023 23:15:09
  • Zuletzt bearbeitet 21.11.2024 08:31:26

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC c...

9.8

CVE-2023-47118

  • EPSS 0.39%
  • Veröffentlicht 20.12.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:29:48

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload...

6.5

CVE-2022-44011

  • EPSS 0.09%
  • Veröffentlicht 23.11.2023 16:15:07
  • Zuletzt bearbeitet 21.11.2024 07:27:31

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22....

7.5

CVE-2022-44010

  • EPSS 0.31%
  • Veröffentlicht 23.11.2023 16:15:07
  • Zuletzt bearbeitet 21.11.2024 07:27:31

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not req...