Описание
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | released | 18.16.1+ds-7ubuntu0.1 |
| esm-apps/noble | not-affected | 18.16.1+ds-7.4build2 |
| focal | released | 18.16.1+ds-7ubuntu0.1 |
| impish | ignored | end of life |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | not-affected | 18.16.1+ds-7.4build2 |
| upstream | released | 18.16.1+ds-7.4 |
Показывать по
Ссылки на источники
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Уязвимость кодека сжатия LZ4 системы управления базами данных ClickHouse OLAP, позволяющая нарушителю выполнить произвольный код
6.5 Medium
CVSS2
8.8 High
CVSS3