ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
History

Wed, 27 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-21T23:07:43.901Z

Updated: 2024-11-27T15:47:44.723Z

Reserved: 2023-11-14T17:41:15.571Z

Link: CVE-2023-48298

cve-icon Vulnrichment

Updated: 2024-08-02T21:23:39.516Z

cve-icon NVD

Status : Modified

Published: 2023-12-21T23:15:09.047

Modified: 2024-11-21T08:31:26.090

Link: CVE-2023-48298

cve-icon Redhat

No data.