cbcvebase.
CVE-2022-44010
published 2023-11-23

CVE-2022-44010: An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.97%
57.4th percentile
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Affected

6 ranges
VendorProductVersion rangeFixed in
clickhouseclickhouse< 22.3.12.1922.3.12.19
clickhouseclickhouse>= 22.6 < 22.6.6.1622.6.6.16
clickhouseclickhouse>= 22.7 < 22.7.4.1622.7.4.16
clickhouseclickhouse>= 22.8 < 22.8.2.1122.8.2.11
clickhouseclickhouse>= 22.9 < 22.9.1.260322.9.1.2603
debianclickhouse

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.