ClickHouse — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in ClickHouse, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Paused
CVE-2024-6873	Specially crafted request could caused undefined behaviour which may lead to Remote Code Execution. CWE-122	8.1	High	2024-08-01
CVE-2024-22412	ClickHouse's Role-based Access Control is bypassed when query caching is enabled. CWE-863	2.4	Low	2024-03-18
CVE-2023-48704	Unauthenticated heap buffer overflow in Gorrila codec decompression CWE-122	7.0	High	2023-12-22
CVE-2023-48298	Integer underflow leading to stack overflow in FPC codec decompression CWE-191	5.9	Medium	2023-12-21
CVE-2023-47118	Heap buffer overflow in T64 codec decompression CWE-122	7.0	High	2023-12-20
CVE-2021-42391	Yandex ClickHouse 数字错误漏洞 CWE-369	6.5	-	2022-03-14
CVE-2021-42390	Yandex ClickHouse 数字错误漏洞 CWE-369	6.5	-	2022-03-14
CVE-2021-42389	Yandex ClickHouse 数字错误漏洞 CWE-369	6.5	-	2022-03-14
CVE-2021-42388	Yandex ClickHouse 缓冲区错误漏洞 CWE-125	8.1	-	2022-03-14
CVE-2021-42387	Yandex ClickHouse 缓冲区错误漏洞 CWE-125	8.1	-	2022-03-14
CVE-2021-43304	Yandex ClickHouse 缓冲区错误漏洞 CWE-122	8.8	-	2022-03-14
CVE-2021-43305	Yandex ClickHouse 缓冲区错误漏洞 CWE-122	8.8	-	2022-03-14
CVE-2019-15024	Yandex ClickHouse 输入验证错误漏洞	6.5	-	2019-12-30
CVE-2019-16535	Yandex ClickHouse 缓冲区错误漏洞	9.8	-	2019-12-30
CVE-2018-14672	Yandex ClickHouse 路径遍历漏洞	7.5	-	2019-08-15
CVE-2018-14671	Yandex ClickHouse 输入验证错误漏洞	9.8	-	2019-08-15
CVE-2018-14669	ClickHouse MySQL client 信息泄露漏洞	7.5	-	2019-08-15
CVE-2018-14668	Yandex ClickHouse 跨站请求伪造漏洞	8.8	-	2019-08-15
CVE-2018-14670	Yandex ClickHouse 授权问题漏洞	9.8	-	2019-08-15

All 19 known CVE vulnerabilities affecting ClickHouse with full Chinese analysis, references, and POCs where available.