Skip to main content

Clickhouse

9 CVEs product

Monthly

CVE-2019-16536 HIGH This Week

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Clickhouse
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2024-41436 HIGH POC This Week

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clickhouse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22412 MEDIUM POC PATCH This Month

ClickHouse is an open-source column-oriented database management system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-48704 HIGH PATCH This Week

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48298 HIGH PATCH This Week

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-47118 CRITICAL Act Now

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2019-16535 CRITICAL Act Now

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Clickhouse
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-15024 MEDIUM This Month

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clickhouse
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-18657 MEDIUM PATCH This Month

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Clickhouse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
EPSS 0% CVSS 8.2
HIGH This Week

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Clickhouse
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clickhouse
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

ClickHouse is an open-source column-oriented database management system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Clickhouse Clickhouse Cloud
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Clickhouse +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Clickhouse +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Clickhouse
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clickhouse
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Clickhouse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy