Vulnerability: RCE and DoS via Native Protocol in ClickHouse (versions before 19.14)

Vulnerability: RCE and DoS via Native Protocol in ClickHouse (versions before 19.14)

CVE-2019-16535 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.

Learn more about our Web Application Penetration Testing UK.