Source: clickhouse X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for clickhouse. CVE-2023-48704[0]: | ClickHouse is an open-source column-oriented database management | system that allows generating analytical data reports in real-time. | A heap buffer overflow issue was discovered in ClickHouse server. An | attacker could send a specially crafted payload to the native | interface exposed by default on port 9000/tcp, triggering a bug in | the decompression logic of Gorilla codec that crashes the ClickHouse | server process. This attack does not require authentication. This | issue has been addressed in ClickHouse Cloud version 23.9.2.47551 | and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and | 23.9.6.20. https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63 https://github.com/ClickHouse/ClickHouse/pull/57107 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-48704 https://www.cve.org/CVERecord?id=CVE-2023-48704 Please adjust the affected versions in the BTS as needed.

