PT-2022-27074 · Unknown+2 · Clickhouse+1
Published
2022-09-22
·
Updated
2023-11-30
·
CVE-2022-44011
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ClickHouse versions prior to 22.9.1.2603
ClickHouse versions prior to 22.8.2.11
ClickHouse versions prior to 22.7.4.16
ClickHouse versions prior to 22.6.6.16
ClickHouse versions prior to 22.3.12.19
Description
An issue was discovered in ClickHouse where an authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object.
Recommendations
For versions prior to 22.9.1.2603, update to version 22.9.1.2603 or later.
For versions prior to 22.8.2.11, update to version 22.8.2.11 or later.
For versions prior to 22.7.4.16, update to version 22.7.4.16 or later.
For versions prior to 22.6.6.16, update to version 22.6.6.16 or later.
For versions prior to 22.3.12.19, update to version 22.3.12.19 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clickhouse
Debian