Published: 22/12/2023 Updated: 02/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clickhouse clickhouse cloud
clickhouse clickhouse

Debian Bug report logs - #1059367 clickhouse: CVE-2023-48704 Package: src:clickhouse; Maintainer for src:clickhouse is Alexander GQ Gerasiov <gq@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sat, 23 Dec 2023 19:18:02 UTC Severity: important Tags: security, upstream Forwarded to githu ...

CWE-787 https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63 https://github.com/ClickHouse/ClickHouse/pull/57107 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059367 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-48704

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect