CVE-2019-16535
CRITICAL
ClickHouse < 19.14 - Remote Code Execution or Denial of Service via Native Protocol Decompression
Title source: llm
Description
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://clickhouse.yandex/docs/en/security_changelog/
Scores
CVSS v3
9.8
EPSS
0.0169
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-191
CWE-787
Status
published
Products (1)
clickhouse/clickhouse
< 19.14
Published
Dec 30, 2019
Tracked Since
Feb 18, 2026