PT-2022-27073 · Unknown+2 · Clickhouse+1

Kiojj

Published: 2022-09-22 · Updated: 2023-11-30 · CVE-2022-44010

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ClickHouse versions prior to 22.9.1.2603
ClickHouse versions prior to 22.8.2.11
ClickHouse versions prior to 22.7.4.16
ClickHouse versions prior to 22.6.6.16
ClickHouse versions prior to 22.3.12.19

Description

A heap-based buffer overflow was discovered in the ClickHouse server. An attacker can send a crafted HTTP request to the HTTP endpoint, which listens on port 8123 by default, and cause the server process to crash. The issue does not require authentication.

Recommendations

For versions prior to 22.9.1.2603, update to version 22.9.1.2603 or later.
For versions prior to 22.8.2.11, update to version 22.8.2.11 or later.
For versions prior to 22.7.4.16, update to version 22.7.4.16 or later.
For versions prior to 22.6.6.16, update to version 22.6.6.16 or later.
For versions prior to 22.3.12.19, update to version 22.3.12.19 or later.
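
A version check built from the branch-by-branch fix list above, as an added example (not part of the advisory and not ClickHouse's own tooling). The function names and the sample inventory are constructed; branches with no listed fix are assumed affected when they sort below 22.9.1.2603 and are pointed at the next listed fixed release.

```python
import re

# Fixed release per branch, copied from the Recommendations above.
FIXED = {
    (22, 3): (22, 3, 12, 19),
    (22, 6): (22, 6, 6, 16),
    (22, 7): (22, 7, 4, 16),
    (22, 8): (22, 8, 2, 11),
    (22, 9): (22, 9, 1, 2603),
}
FIRST_FIXED_OVERALL = FIXED[(22, 9)]


def parse_version(text):
    """Extract the four-part version from e.g. 'v22.8.1.2097-lts'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return ('fixed', None) or ('affected', '<version to update to>')."""
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED:
        target = FIXED[branch]
    elif v >= FIRST_FIXED_OVERALL:
        return ("fixed", None)
    else:
        # Assumption: this branch has no fix listed on the page, so recommend
        # the lowest listed fixed release on a later branch.
        target = min(t for b, t in FIXED.items() if b > branch)
    if v >= target:
        return ("fixed", None)
    return ("affected", ".".join(map(str, target)))


def audit(inventory):
    """Map host -> update target for every affected host."""
    result = {}
    for host, version in inventory.items():
        status, target = classify(version)
        if status == "affected":
            result[host] = target
    return result


# Constructed inventory: host names and build numbers are sample values.
INVENTORY = {"ch-01": "22.8.1.2097", "ch-02": "v22.8.2.11-lts",
             "ch-03": "22.5.1.2079", "ch-04": "22.10.1.1877"}
```

The version strings can come from `SELECT version()` on each server or from the package manager, so the check does not need to touch port 8123.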

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2022-44010
ECHO-CF7F-65C8-584D

Affected Products

Clickhouse
Debian