CVE-2019-16535: Out-of-bounds Read in ClickHouse

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.3% (top 20.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 30
Latest update: May 24

Description

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: clickhouse/clickhouse, all versions prior to version 19.14.

Vulnerability Details

GHSA
GHSA-x3fg-74w9-f5r4: In all versions of ClickHouse before 19
2022-05-24