PT-2019-14693 · Yandex+1 · Clickhouse+1

Eldar Zaitov

Publicado

2019-11-12

Atualizado

2025-06-25

CVE-2019-16535

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ClickHouse versions prior to 19.14

Description The issue concerns an out-of-bounds (OOB) read, OOB write, and integer underflow in decompression algorithms. This can be exploited to achieve remote code execution (RCE) or cause a denial of service (DoS) via the native protocol.

Recommendations For versions prior to 19.14, update to version 19.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the native protocol to minimize the risk of exploitation.

Correção

RCE

DoS

Integer Underflow

Memory Corruption

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191CWE-787CWE-125

Identificadores relacionados

ALT-PU-2019-3124

CVE-2019-16535

Produtos afetados

Alt Linux

Clickhouse

PT-2019-14693 · Yandex+1 · Clickhouse+1

CVE-2019-16535

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5