exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2021-43305

почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

CVSS3: 8.8

EPSS: Низкий

CVE-2021-43305

почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

CVSS3: 8.8

EPSS: Низкий

CVE-2021-43305

почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...

CVSS3: 8.8

EPSS: Низкий

GHSA-rjm8-hjq2-73j6

почти 4 года назад

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

CVSS3: 8.8

EPSS: Низкий

BDU:2022-01317

почти 4 года назад

Уязвимость кодека сжатия LZ4 системы управления базами данных ClickHouse OLAP, позволяющая нарушителю выполнить произвольный код

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-43305 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.	CVSS3: 8.8	0% Низкий	почти 4 года назад
CVE-2021-43305 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.	CVSS3: 8.8	0% Низкий	почти 4 года назад
CVE-2021-43305 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...	CVSS3: 8.8	0% Низкий	почти 4 года назад
GHSA-rjm8-hjq2-73j6 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.	CVSS3: 8.8	0% Низкий	почти 4 года назад
BDU:2022-01317 Уязвимость кодека сжатия LZ4 системы управления базами данных ClickHouse OLAP, позволяющая нарушителю выполнить произвольный код	CVSS3: 8.8	0% Низкий	почти 4 года назад

Уязвимостей на страницу