CVE-2021-42390
Published 2022-03-14
Priority P432 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.24% (65.4th percentile)
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clickhouse | clickhouse | < 21.10.2.15 | 21.10.2.15 |
| debian | clickhouse | — | — |
| yandex | clickhouse | >= unspecified < 21.10.2.15-stable | 21.10.2.15-stable |
CVSS provenance
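| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| vendor_debian | — | 6.5 | LOW | — |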
Debian
CVE-2021-42390: clickhouse - Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a mali...
vendor_debian·2021·CVSS 6.5
CVE-2021-42390 [MEDIUM] CVE-2021-42390: clickhouse - Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a mali...
Scope: local
bookworm: resolved
bullseye: resolved
GHSA
GHSA-mf33-8pgp-q5fx: Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query
ghsa_unreviewed·2022-03-16
CVE-2021-42390 [MEDIUM] CWE-369 GHSA-mf33-8pgp-q5fx: Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-03-14