An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.
{
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "22.9.1.2603"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/44xxx/CVE-2022-44011.json",
"cna_assigner": "mitre"
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "22.3.12.19"
},
{
"introduced": "22.6"
},
{
"fixed": "22.6.6.16"
},
{
"introduced": "22.7"
},
{
"fixed": "22.7.4.16"
},
{
"introduced": "22.8"
},
{
"fixed": "22.8.2.11"
},
{
"introduced": "22.9"
},
{
"fixed": "22.9.1.2603"
}
]
}