Clickhouse

Clickhouse

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-42391

Exploit
  • EPSS 0.56%
  • Published 14.03.2022 23:15:08
  • Last modified 25.06.2025 20:49:29

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

8.8

CVE-2021-43305

Exploit
  • EPSS 0.28%
  • Published 14.03.2022 23:15:08
  • Last modified 25.06.2025 20:49:29

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, cop...

8.8

CVE-2021-43304

Exploit
  • EPSS 0.15%
  • Published 14.03.2022 23:15:08
  • Last modified 25.06.2025 20:49:29

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, cop...

6.5

CVE-2021-42390

Exploit
  • EPSS 0.53%
  • Published 14.03.2022 23:15:08
  • Last modified 25.06.2025 20:49:29

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

6.5

CVE-2021-42389

Exploit
  • EPSS 0.53%
  • Published 14.03.2022 23:15:08
  • Last modified 25.06.2025 20:49:29

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

8.1

CVE-2021-42388

Exploit
  • EPSS 0.37%
  • Published 14.03.2022 23:15:07
  • Last modified 25.06.2025 20:49:29

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in th...

8.1

CVE-2021-42387

Exploit
  • EPSS 0.32%
  • Published 14.03.2022 23:15:07
  • Last modified 25.06.2025 20:49:29

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in th...

9.8

CVE-2019-16535

  • EPSS 1.07%
  • Published 30.12.2019 15:15:10
  • Last modified 25.06.2025 20:48:54

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.

6.5

CVE-2019-15024

  • EPSS 0.35%
  • Published 30.12.2019 15:15:10
  • Last modified 25.06.2025 20:48:54

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHou...

5.3

CVE-2019-18657

  • EPSS 0.42%
  • Published 31.10.2019 19:15:12
  • Last modified 25.06.2025 20:48:54

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.