PT-2019-14693 · Yandex+1 · Clickhouse+1

Eldar Zaitov · Published 2019-11-12 · Updated 2025-06-25 · CVE-2019-16535

CVSS v3.1 · 9.8 · Critical

Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
ClickHouse versions prior to 19.14

Description
The issue concerns an out-of-bounds (OOB) read, OOB write, and integer underflow in decompression algorithms. This can be exploited to achieve remote code execution (RCE) or cause a denial of service (DoS) via the native protocol.

Recommendations
For versions prior to 19.14, update to version 19.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the native protocol to minimize the risk of exploitation.

Fix

RCE

DoS

Integer Underflow

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3124
CVE-2019-16535

Affected Products

Alt Linux
Clickhouse