Unrated severityNVD Advisory· Published Dec 21, 2023· Updated Nov 27, 2024

Integer underflow leading to stack overflow in FPC codec decompression

CVE-2023-48298

Description

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.

Affected products

Clickhouse/Clickhousev5
Range: <= 23.10.2.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ClickHouse/ClickHouse/pull/56795mitrex_refsource_MISC
github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000