CVE-2022-44010
Published 2023-11-23
Priority P3 · 44 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.97% (57.4th percentile)
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clickhouse | clickhouse | < 22.3.12.19 | 22.3.12.19 |
| clickhouse | clickhouse | >= 22.6 < 22.6.6.16 | 22.6.6.16 |
| clickhouse | clickhouse | >= 22.7 < 22.7.4.16 | 22.7.4.16 |
| clickhouse | clickhouse | >= 22.8 < 22.8.2.11 | 22.8.2.11 |
| clickhouse | clickhouse | >= 22.9 < 22.9.1.2603 | 22.9.1.2603 |
| debian | clickhouse | — | — |
CVSS provenance
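| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |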
Debian
CVE-2022-44010: clickhouse - An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send...
vendor_debian·2022·CVSS 7.5
CVE-2022-44010 [HIGH] CVE-2022-44010: clickhouse - An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send...
Scope: local
bookworm: open
bullseye: open
GHSA
GHSA-jf32-cfwc-7953: An issue was discovered in ClickHouse before 22
ghsa_unreviewed·2023-11-23
CVE-2022-44010 [HIGH] CWE-787 GHSA-jf32-cfwc-7953: An issue was discovered in ClickHouse before 22
OSV
CVE-2022-44010: An issue was discovered in ClickHouse before 22
osv·2023-11-23·CVSS 7.5
CVE-2022-44010 [HIGH] CVE-2022-44010: An issue was discovered in ClickHouse before 22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-11-23