CVE-2021-42387 in ClickhouseИнформация

Сводка

по MITRE • 15.03.2022

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Резервировать

14.10.2021

Раскрытие

15.03.2022

Модерация

принято

Вход

VDB-194914

EPSS

0.01549

KEV

Нет

Деятельности

Очень низкий

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!