Description
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.
Details
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| clickhouse | 23.10 | 23.10.2.13 |
| clickhouse-cloud | — | 23.9.2.47475 |
References
Similar Threats
- Unknown ECHO-322b-5717-8504
- Unknown CVE-2025-52969
- Unknown DEBIAN-CVE-2019-16536
- High CVE-2024-41436
- Unknown DEBIAN-CVE-2024-41436
Exploit Protection
Help block exploit attempts
BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.
Try BotEraser Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.