Buffer Overflow Vulnerability in ClickHouse HTTP Endpoint by Altinity
CVE-2022-44010

7.5HIGH

Key Information:

Vendor: Clickhouse
Status: Clickhouse
Vendor: CVE Published:; 23 November 2023

What is CVE-2022-44010?

A vulnerability in ClickHouse, before version 22.9.1.2603, allows attackers to trigger a heap-based buffer overflow by sending a specially crafted HTTP request to the HTTP endpoint, typically listening on port 8123. This exploit can lead to the crashing of the ClickHouse process without requiring any form of authentication. Users are urged to upgrade to the affected fixed versions to ensure system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://clickhouse.com/docs/en/whats-new/security-changelog

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Oct 29, 2022

JSON

Clickhouse

What is CVE-2022-44010?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.