CVE-2024-41436.yaml
1 info: 2 name: clickhouse 3 cve: CVE-2024-41436 4 summary: ClickHouse缓冲区溢出漏洞 5 details: | 6 ClickHouse v24.3.3.102 在组件 DB::evaluateConstantExpressionImpl 中被发现存在缓冲区溢出漏洞。 7 cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 8 severity: HIGH 9 security_advise: 升级到 ClickHouse 的最新版本以解决此缓冲区溢出漏洞。 10 rule: version = "24.3.3.102" 11 references: 12 - https://nvd.nist.gov/vuln/detail/CVE-2024-41436 13 - https://github.com/ClickHouse/ClickHouse/issues/65520 14 - https://gist.github.com/ycybfhb/db127ae9d105a4d20edc9f010a959016