CVE-2023-48704

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Dec 22, 2023
Updated: Jan 2, 2024
CWE ID 122
CWE ID 787
CWE ID 120

Summary

CVE-2023-48704 is a vulnerability found in ClickHouse, an open-source column-oriented database management system. The vulnerability is a heap buffer overflow issue in the ClickHouse server, which can be triggered by sending a specially crafted payload to the native interface on port 9000/tcp. This bug affects several versions of ClickHouse, including ClickHouse Cloud version 23.9.2.47551 and versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. The vulnerability does not require authentication and can lead to the crash of the ClickHouse server process due to a bug in the decompression logic of Gorilla codec. To remediate this issue, organizations should update their ClickHouse installations to the mentioned patched versions or apply necessary security updates provided by ClickHouse developers and maintainers to prevent potential exploitation and disruption of service availability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48704 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options