CVE-2021-43305 — Heap-based Buffer Overflow in Clickhouse

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

8.8HIGHNVD

OSV7.8

EPSS

0.3%

top 48.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clickhouse Debian Clickhouse Debian Linux

Timeline

PublishedMar 14

Latest updateJul 31

Description

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/clickhouse< clickhouse 18.16.1+ds-7.3 (bookworm)

▶NVDclickhouse/clickhouse< 21.10.2.15

▶Debianclickhouse/clickhouse< 18.16.1+ds-7.2+deb11u1+1

▶Ubuntuclickhouse/clickhouse< 18.16.1+ds-7ubuntu0.1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

clickhouse vulnerabilities↗2024-07-31

▶

GHSA

GHSA-rjm8-hjq2-73j6: Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query↗2022-03-16

▶

OSV

CVE-2021-43305: Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query↗2022-03-14

▶

📋Vendor Advisories

Ubuntu

ClickHouse vulnerabilities↗2024-07-31

▶

Debian

CVE-2021-43305: clickhouse - Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malici...↗2021

▶