Описание
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
| Релиз | Статус | Примечание |
|---|---|---|
| esm-apps/focal | not-affected | code not present |
| focal | not-affected | code not present |
| impish | ignored | end of life |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
Уязвимость кодека сжатия LZ4 системы управления базами данных ClickHouse OLAP, позволяющая нарушителю выполнить произвольный код
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3