ClickHouse


ClickHouse, an open-source database management system solution, is affected by seven vulnerabilities.

These flaws can cause servers to crash and leak memory contents, and can even lead to the execution of arbitrary code.

Although authentication is required, these vulnerabilities can also be triggered by any user with read permissions.

An attacker would need a specially crafted compressed file to crash a vulnerable database server, which can lead to a high-severity security failure.

Source: https://thehackernews.com/2022/03/multiple-flaws-uncovered-in-clickhouse.html

TPRM report: https://scoringcyber.rankiteo.com/company/clickhouseinc

"id": "cli232017322",
"linkid": "clickhouseinc",
"type": "Vulnerability",
"date": "03/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Software',
                        'name': 'ClickHouse',
                        'type': 'Database Management System'}],
 'attack_vector': 'Specially crafted compressed file',
 'description': 'ClickHouse, an open-source database management system '
                'solution, is vulnerable to seven vulnerabilities. These flaws '
                'can cause servers to crash and leak memory contents, and even '
                'lead to the execution of arbitrary code. Although '
                'authentication is required, these vulnerabilities can also be '
                'triggered by any user with read permissions. An attacker '
                'would need a specially crafted compressed file to crash a '
                'vulnerable database server, which can lead to high-severity '
                'security failure.',
 'impact': {'operational_impact': 'High-severity security failure',
            'systems_affected': 'Database Servers'},
 'initial_access_broker': {'entry_point': 'Specially crafted compressed file'},
 'motivation': 'Unauthorized access, data leakage, service disruption',
 'threat_actor': 'Any user with read permissions',
 'title': 'ClickHouse Database Vulnerabilities',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['Memory Leak',
                             'Arbitrary Code Execution',
                             'Server Crash']}