-
-
Save ycybfhb/db127ae9d105a4d20edc9f010a959016 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[CVE ID] | |
CVE-2024-41436 | |
[PRODUCT] | |
ClickHouse | |
[VERSION] | |
v24.3.3.102 | |
[PROBLEM TYPE] | |
buffer overflow | |
[DESCRIPTION] | |
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow vulnerability, | |
which could lead to database crashes and denial of service attacks. | |
The issue here is that 'DB::evaluateConstantExpressionImpl' uses the old analyzer unconditionally. | |
This function should be rewritten to support 'allow_experimental_analyzer' setting. | |
[Reference] | |
https://github.com/ClickHouse/ClickHouse/issues/65520 | |
[Discoverer] | |
Jiaju Bai, Zixuan Fu, Hongbo Feng, Jianwei Liu |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment