CVE-2021-43305
Description
Heap buffer overflow in Clickhouses LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), dont exceed the destination buffers limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.281
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| column-oriented database system (cli client) (USN-6933-1) clickhouse-common_18.16.1+ds-7ubuntu0.1_amd64.deb | Linux |
| column-oriented database system (cli client) (USN-6933-1) clickhouse-server_18.16.1+ds-7ubuntu0.1_amd64.deb | Linux |
| column-oriented database system (cli client) (USN-6933-1) clickhouse-tools_18.16.1+ds-7ubuntu0.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234