CVE-2021-42387 in Clickhouse
Сводка
по MITRE • 15.03.2022
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.