Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-48704

Опубликовано: 22 дек. 2023
Источник: nvd
CVSS3: 7
CVSS3: 7.5
EPSS Низкий

Описание

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*
Версия от 23.3 (включая) до 23.3.18.15 (исключая)
cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*
Версия от 23.8 (включая) до 23.8.8.20 (исключая)
cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*
Версия от 23.9 (включая) до 23.9.6.20 (исключая)
cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*
Версия от 23.10 (включая) до 23.10.5.20 (исключая)
cpe:2.3:a:clickhouse:clickhouse_cloud:*:*:*:*:*:*:*:*
Версия до 23.9.2.47551 (исключая)

EPSS

Процентиль: 58%
0.00362
Низкий

7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-48704

CVSS3: 7
ubuntu
около 2 лет назад

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

debian логотип

CVE-2023-48704

CVSS3: 7
debian
около 2 лет назад

ClickHouse is an open-source column-oriented database management syste ...

EPSS

Процентиль: 58%
0.00362
Низкий

7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120
CWE-787