CVE-2022-44011
published 2023-11-23CVE-2022-44011: An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash…
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.70%
48.7th percentile
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clickhouse | clickhouse | < 22.3.12.19 | 22.3.12.19 |
| clickhouse | clickhouse | >= 22.6 < 22.6.6.16 | 22.6.6.16 |
| clickhouse | clickhouse | >= 22.7 < 22.7.4.16 | 22.7.4.16 |
| clickhouse | clickhouse | >= 22.8 < 22.8.2.11 | 22.8.2.11 |
| clickhouse | clickhouse | >= 22.9 < 22.9.1.2603 | 22.9.1.2603 |
| debian | clickhouse | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2022-44011: clickhouse - An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user ...
vendor_debian·2022·CVSS 6.5
CVE-2022-44011 [MEDIUM] CVE-2022-44011: clickhouse - An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user ...
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
Scope: local
bookworm: open
bullseye: open
OSV
CVE-2022-44011: An issue was discovered in ClickHouse before 22
osv·2023-11-23·CVSS 6.5
CVE-2022-44011 [MEDIUM] CVE-2022-44011: An issue was discovered in ClickHouse before 22
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
GHSA
GHSA-4xq2-q58f-2q5m: An issue was discovered in ClickHouse before 22
ghsa_unreviewed·2023-11-23
CVE-2022-44011 [MEDIUM] CWE-787 GHSA-4xq2-q58f-2q5m: An issue was discovered in ClickHouse before 22
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-23
Published