CVE-2023-48704

Summary

CVE-2023-48704 is a vulnerability found in ClickHouse, an open-source column-oriented database management system. The vulnerability is a heap buffer overflow issue in the ClickHouse server, which can be triggered by sending a specially crafted payload to the native interface on port 9000/tcp. This bug affects several versions of ClickHouse, including ClickHouse Cloud version 23.9.2.47551 and versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. The vulnerability does not require authentication and can lead to the crash of the ClickHouse server process due to a bug in the decompression logic of Gorilla codec. To remediate this issue, organizations should update their ClickHouse installations to the mentioned patched versions or apply necessary security updates provided by ClickHouse developers and maintainers to prevent potential exploitation and disruption of service availability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.