CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
Configurations

Configuration 1

cpe:2.3:a:yandex:clickhouse:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2022-03-14 11:15

Updated : 2022-12-08 03:24


NVD link : CVE-2021-43305

Mitre link : CVE-2021-43305

Products Affected
No products.
CWE