In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
References
Link | Resource |
---|---|
https://clickhouse.yandex/docs/en/security_changelog/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: yandex
Published: 2019-12-30T14:35:21
Updated: 2019-12-30T14:35:21
Reserved: 2019-09-19T00:00:00
Link: CVE-2019-16535
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-30T15:15:10.673
Modified: 2020-01-03T16:40:03.287
Link: CVE-2019-16535
JSON object: View
Redhat Information
No data.