cbcvebase.
CVE-2022-44011
published 2023-11-23

CVE-2022-44011: An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash…

PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.70%
48.7th percentile
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Affected

6 ranges
VendorProductVersion rangeFixed in
clickhouseclickhouse< 22.3.12.1922.3.12.19
clickhouseclickhouse>= 22.6 < 22.6.6.1622.6.6.16
clickhouseclickhouse>= 22.7 < 22.7.4.1622.7.4.16
clickhouseclickhouse>= 22.8 < 22.8.2.1122.8.2.11
clickhouseclickhouse>= 22.9 < 22.9.1.260322.9.1.2603
debianclickhouse

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.