Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-43305

Опубликовано: 14 мар. 2022
Источник: debian
EPSS Низкий

Описание

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
clickhousefixed18.16.1+ds-7.3package
clickhousefixed18.16.1+ds-7.2+deb11u1bullseyepackage

Примечания

  • https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)

  • https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)

  • https://github.com/ClickHouse/ClickHouse/pull/27136

  • https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/

EPSS

Процентиль: 51%
0.00281
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-43305

CVSS3: 8.8
ubuntu
почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

nvd логотип

CVE-2021-43305

CVSS3: 8.8
nvd
почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

github логотип

GHSA-rjm8-hjq2-73j6

CVSS3: 8.8
github
почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

fstec логотип

BDU:2022-01317

CVSS3: 8.8
fstec
почти 4 года назад

Уязвимость кодека сжатия LZ4 системы управления базами данных ClickHouse OLAP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%
0.00281
Низкий