CVE-2023-48298

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-48298
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48298.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-48298
Aliases
  • GHSA-qw9f-qv29-8938
Downstream
Published
2023-12-21T23:07:43Z
Modified
2025-10-15T02:42:57.968745Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Integer underflow leading to stack overflow in FPC codec decompression
Details

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.

References

Affected packages

Git /

Affected ranges

Database specific 

{
    "unresolved_versions": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "last_affected": "23.10.2.14"
                }
            ],
            "type": ""
        }
    ]
}