Published: 21/12/2023 Updated: 03/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clickhouse clickhouse cloud
clickhouse clickhouse

Debian Bug report logs - #1059261 clickhouse: CVE-2023-48298 CVE-2023-47118 CVE-2022-44011 CVE-2022-44010 Package: src:clickhouse; Maintainer for src:clickhouse is Alexander GQ Gerasiov <gq@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 09:12:02 UTC Severity: grave Tags: security ...

CWE-191 https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938 https://github.com/ClickHouse/ClickHouse/pull/56795 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059261 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-48298

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect