CVE-2022-44011
https://notcve.org/view.php?id=CVE-2022-44011
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. • https://clickhouse.com • CWE-787: Out-of-bounds Write
CVE-2020-26759
https://notcve.org/view.php?id=CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow. • https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')