clickhouse

Top products

The 15 most recently published vulnerabilities affecting clickhouse.

• CVE-2019-16536Stack overflow leading to DoS can be triggered by a malicious authenticated client.8.8May 21, 2025
• CVE-2025-1386Query smuggling in ch-go library4.9Apr 11, 2025
• CVE-2024-41436ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.7.5Sep 3, 2024
• CVE-2024-6873Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution.8.1Aug 1, 2024
• CVE-2024-22412ClickHouse's Role-based Access Control is bypassed when query caching is enabled.2.4Mar 18, 2024
• CVE-2024-23689ClickHouse Client Certificate Password Exposure8.8Jan 19, 2024
• CVE-2023-48704Unauthenticated heap buffer overflow in Gorrila codec decompression7.0Dec 22, 2023
• CVE-2023-48298Integer underflow leading to stack overflow in FPC codec decompression5.9Dec 21, 2023
• CVE-2023-47118Heap buffer overflow in T64 codec decompression7.0Dec 20, 2023
• CVE-2022-44011An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed Capn...6.5Nov 23, 2023
• CVE-2022-44010An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer...7.5Nov 23, 2023
• CVE-2021-42391Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.6.5Mar 14, 2022
• CVE-2021-42390Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.6.5Mar 14, 2022
• CVE-2021-42389Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.6.5Mar 14, 2022
• CVE-2021-43305Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbit...8.8Mar 14, 2022