Home > Vulnerability Database > CVE-2023-48704

Mend.io Vulnerability Database

CVE-2023-48704

Good to know:

Date: December 22, 2023

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.

Language: C++

Severity Score

7.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48704

Url: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63

Url: https://github.com/ClickHouse/ClickHouse/pull/57107

Url: https://www.mend.io/vulnerability-database/CVE-2023-48704

Severity Score

7.0

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version v23.3.18.15,v23.8.8.20,v23.9.6.20,v23.10.5.20

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48704

Good to know:

Date: December 22, 2023

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?