Source: clickhouse
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for clickhouse.

CVE-2023-48704[0]:
| ClickHouse is an open-source column-oriented database management
| system that allows generating analytical data reports in real-time.
| A heap buffer overflow issue was discovered in ClickHouse server. An
| attacker could send a specially crafted payload to the native
| interface exposed by default on port 9000/tcp, triggering a bug in
| the decompression logic of Gorilla codec that crashes the ClickHouse
| server process. This attack does not require authentication. This
| issue has been addressed in ClickHouse Cloud version 23.9.2.47551
| and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and
| 23.9.6.20.

https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63
https://github.com/ClickHouse/ClickHouse/pull/57107
  

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48704
    https://www.cve.org/CVERecord?id=CVE-2023-48704

Please adjust the affected versions in the BTS as needed.

Reply via email to