Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-49043: IOT_VULN/Tenda/AX1803/fromSetWirelessRepeat.md at main · Anza2001/IOT_VULN

Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- - -------------------------------------------------------------------------Debian Security Advisory DSA-5567-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuNovember 27, 2023                     https://www.debian.org/security/faq- - -------------------------------------------------------------------------Package        : tiffCVE ID         : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175Debian Bug     :Brief introductionMultiple buffer overflows and memory leak issues have been found in tiff,the Tag Image File Format (TIFF) library and tools, which may cause denialof service when processing a crafted TIFF image.For the oldstable distribution (bullseye), these problems have been fixedin version 4.2.0-1+deb11u5.For the stable distribution (bookworm), these problems have been fixed inversion 4.5.0-6+deb12u1.We recommend that you upgrade your tiff packages.For the detailed security status of tiff please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tiffFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmVkI0cACgkQO1LKKgqv2VT46QgAvtYySLyFvbEsmMlcHIFWXRtkqO2cxtsb7F0NDN8vl2yATpPN8ZWeEmFxES3DEpRJkAmZ9Of+87a06r4tdFAQlg/uqwMMO4WbdihUlzgnsRLXKUSUqHMFv3Wr9nvckp6OCwztPUb0G+bpAn+dJHqs6iF3q6ukwWcW0cprLQzigUMmxTnvWt4bc4eT1nfWRLWkwVObl488Lq94zawtB3NZoQaNvQDMHxVZ7VPsQvDSrKAT71/TnzFUpXJlUePBCKUmK1Q0a6akxBpoNAr6ujdrWcCPDMNl7+jBJE3AwoMPZptTlIsqKTYTT4qrtd80YDYxVScgc+t2GrO1PgzM12/Mqg==WLU7-----END PGP SIGNATURE-----

Debian Security Advisory 5567-1

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.

Affected Resources

*   Frhed 1.6.0 version.

Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Frhed, a binary file editor for Windows, which has been discovered by Rafael Pedrero.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

*   CVE-2023-4590: CVSS v3.1: 7.3 | CVSS: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.

Solution

There is no reported solution at this time.

Detail

*   **CVE-2023-4590**: buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.

CVE-2023-4590: Buffer Overflow vulnerability in Frhed

Gentoo Linux Security Advisory 202311-8 - A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Versions greater than 0.9.70 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNU Libmicrohttpd: Buffer Overflow Vulnerability  
     Date: November 25, 2023  
     Bugs: #778296  
       ID: 202311-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A buffer overflow vulnerability has been discovered in GNU  
Libmicrohttpd.

Background  
=========  
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP  
server as part of another application. GNU Libmicrohttpd is free  
software and part of the GNU project.

Affected packages  
================  
Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
net-libs/libmicrohttpd  = 0.9.70      > 0.9.70

Description  
==========  
A buffer overflow vulnerability has been discovered in GNU  
Libmicrohttpd. Please review the CVE identifier referenced below for  
details.

Impact  
=====  
A missing bounds check in the post_process_urlencoded function leads to  
a buffer overflow, allowing a remote attacker to write arbitrary data in  
an application that uses libmicrohttpd. The highest threat from this  
vulnerability is to data confidentiality and integrity as well as system  
availability.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GNU Libmicrohttpd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">net-libs/libmicrohttpd-0.9.70"

References  
=========  
[ 1 ] CVE-2021-3466  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3466

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-08

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-08

Gentoo Linux Security Advisory 202311-5 - Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation. Versions greater than or equal to 6.15 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: LinuxCIFS utils: Multiple Vulnerabilities  
     Date: November 24, 2023  
     Bugs: #842234  
       ID: 202311-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in LinuxCIFS utils, the  
worst of which can lead to local root privilege escalation.

Background  
=========  
The LinuxCIFS utils are a collection of tools for managing Linux CIFS  
Client Filesystems.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
net-fs/cifs-utils  < 6.15        >= 6.15

Description  
==========  
Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
A stack-based buffer overflow when parsing the mount.cifs ip= command-  
line argument could lead to local attackers gaining root privileges.

When verbose logging is enabled, invalid credentials file lines may be  
dumped to stderr. This may lead to information disclosure in particular  
conditions when the credentials file given is sensitive and contains '='  
signs.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LinuxCIFS utils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.15"

References  
=========  
[ 1 ] CVE-2022-27239  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27239  
[ 2 ] CVE-2022-29869  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29869

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-05

Gentoo Linux Security Advisory 202311-7 - A vulnerability has been found in AIDE which can lead to root privilege escalation. Versions greater than or equal to 0.17.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: AIDE: Root Privilege Escalation  
     Date: November 25, 2023  
     Bugs: #831658  
       ID: 202311-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in AIDE which can lead to root privilege  
escalation.

Background  
==========

AIDE (Advanced Intrusion Detection Environment) is a file and directory  
integrity checker.

It creates a database from the regular expression rules that it finds  
from the config file(s). Once this database is initialized it can be  
used to verify the integrity of the files. It has several message digest  
algorithms (see below) that are used to check the integrity of the file.  
All of the usual file attributes can also be checked for  
inconsistencies.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
app-forensics/aide  < 0.17.4      >= 0.17.4

Description  
===========

A vulnerability has been discovered in AIDE. Please review the CVE  
identifier referenced below for details.

Impact  
======

AIDE before 0.17.4 allows local users to obtain root privileges via  
crafted file metadata (such as XFS extended attributes or tmpfs ACLs),  
because of a heap-based buffer overflow.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All AIDE users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-forensics/aide-0.17.4"

References  
==========

[ 1 ] CVE-2021-45417  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45417

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-07

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.

Expand Up @@ -2299,13 +2299,13 @@ static json\_t \* register\_new\_attestation(struct config\_module \* config, json\_t \* for (i\=0; i<cbor\_map\_size(cbor\_cose); i++) { cbor\_key \= cbor\_map\_handle(cbor\_cose)\[i\].key; cbor\_value \= cbor\_map\_handle(cbor\_cose)\[i\].value; if (cbor\_isa\_negint(cbor\_key) && cbor\_get\_int(cbor\_key) \== 1 && cbor\_isa\_bytestring(cbor\_value)) { if (cbor\_isa\_negint(cbor\_key) && cbor\_get\_int(cbor\_key) \== 1 && cbor\_isa\_bytestring(cbor\_value) && cbor\_bytestring\_length(cbor\_value) <= 256) { has\_x \= 1; memcpy(cert\_x, cbor\_bytestring\_handle(cbor\_value), cbor\_bytestring\_length(cbor\_value)); cert\_x\_len \= cbor\_bytestring\_length(cbor\_value); g\_x.data \= cert\_x; g\_x.size \= (unsigned int)cbor\_bytestring\_length(cbor\_value); } else if (cbor\_isa\_negint(cbor\_key) && cbor\_get\_int(cbor\_key) \== 2 && cbor\_isa\_bytestring(cbor\_value)) { } else if (cbor\_isa\_negint(cbor\_key) && cbor\_get\_int(cbor\_key) \== 2 && cbor\_isa\_bytestring(cbor\_value) && cbor\_bytestring\_length(cbor\_value) <= 256) { has\_y \= 1; memcpy(cert\_y, cbor\_bytestring\_handle(cbor\_value), cbor\_bytestring\_length(cbor\_value)); cert\_y\_len \= cbor\_bytestring\_length(cbor\_value); Expand Down

CVE-2023-49208: Check key length before parsing it in FIDO2 attestation registration · babelouest/glewlwyd@f9d8c06

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

**Fixed in ClickHouse 22.9.1.2603, 2022-09-22​****CVE-2022-44011​**

A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object.

Fix has been pushed to version 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19

Credits: Kiojj (independent researcher)

**CVE-2022-44010​**

A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted HTTP request to the HTTP Endpoint (listening on port 8123 by default), causing a heap-based buffer overflow that crashes the ClickHouse server process. This attack does not require authentication.

Fix has been pushed to version 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19

Credits: Kiojj (independent researcher)

**Fixed in ClickHouse 21.10.2.15, 2021-10-18​****CVE-2021-43304​**

Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy\_amount>(op, ip, copy\_end), don’t exceed the destination buffer’s limits.

Credits: JFrog Security Research Team

**CVE-2021-43305​**

Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy\_amount>(op, ip, copy\_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

Credits: JFrog Security Research Team

**CVE-2021-42387​**

Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.

Credits: JFrog Security Research Team

**CVE-2021-42388​**

Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.

Credits: JFrog Security Research Team

**CVE-2021-42389​**

Divide-by-zero in ClickHouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Credits: JFrog Security Research Team

**CVE-2021-42390​**

Divide-by-zero in ClickHouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Credits: JFrog Security Research Team

**CVE-2021-42391​**

Divide-by-zero in ClickHouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Credits: JFrog Security Research Team

**Fixed in ClickHouse 21.4.3.21, 2021-04-12​****CVE-2021-25263​**

An attacker that has CREATE DICTIONARY privilege, can read arbitary file outside permitted directory.

Fix has been pushed to versions 20.8.18.32-lts, 21.1.9.41-stable, 21.2.9.41-stable, 21.3.6.55-lts, 21.4.3.21-stable and later.

Credits: Vyacheslav Egoshin

**Fixed in ClickHouse Release 19.14.3.3, 2019-09-10​****CVE-2019-15024​**

Аn attacker that has write access to ZooKeeper and who can run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.

Credits: Eldar Zaitov of Yandex Information Security Team

**CVE-2019-16535​**

Аn OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.

Credits: Eldar Zaitov of Yandex Information Security Team

**CVE-2019-16536​**

Stack overflow leading to DoS can be triggered by a malicious authenticated client.

Credits: Eldar Zaitov of Yandex Information Security Team

**Fixed in ClickHouse Release 19.13.6.1, 2019-09-20​****CVE-2019-18657​**

Table function url had the vulnerability allowed the attacker to inject arbitrary HTTP headers in the request.

Credits: Nikita Tikhomirov

**Fixed in ClickHouse Release 18.12.13, 2018-09-10​****CVE-2018-14672​**

Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

Credits: Andrey Krasichkov of Yandex Information Security Team

**Fixed in ClickHouse Release 18.10.3, 2018-08-13​****CVE-2018-14671​**

unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

Credits: Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team

**Fixed in ClickHouse Release 1.1.54388, 2018-06-28​****CVE-2018-14668​**

“remote” table function allowed arbitrary symbols in “user”, “password” and “default\_database” fields which led to Cross Protocol Request Forgery Attacks.

Credits: Andrey Krasichkov of Yandex Information Security Team

**Fixed in ClickHouse Release 1.1.54390, 2018-07-06​****CVE-2018-14669​**

ClickHouse MySQL client had “LOAD DATA LOCAL INFILE” functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.

Credits: Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team

**Fixed in ClickHouse Release 1.1.54131, 2017-01-10​****CVE-2018-14670​**

Incorrect configuration in deb package could lead to the unauthorized use of the database.

Credits: the UK’s National Cyber Security Centre (NCSC)

CVE-2022-44010: Security Changelog | ClickHouse Docs

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

**Query billions of rows in milliseconds**

ClickHouse is the fastest and most resource efficient open-source database for real-time apps and analytics.

Or download open-source ClickHouse

SELECT toStartOfMonth(upload\_date) AS month, sum(view\_count) AS \`Youtube Views\`, bar(sum(has\_subtitles) / count(), 0.55, 0.7, 100) AS \`% Subtitles\` FROM youtube WHERE (month >= '2020-08-01') AND (month <= '2021-08-01') GROUP BY month ORDER BY month ASC

13 rows in set. Elapsed: 0.823 sec Processed 1.07 billion rows, 11.75 GB (1.30 billion rows/s., 14.27 GB/s.)

Trusted by developers that work with data at

scale

Don't take our word for it.

Read our user stories

"Moving over to ClickHouse we were basically able to cut that (Redshift) bill in half."

Brooke McKim  
Co-founder and CTO, Vantage

"There is that feeling of new tech where everything just feels like it's going right."

Harlow Ward  
Co-founder and CTO, Clearbit

"We wanted something not only just simple to use, but also simple to manage."

Jason Wang  
Software Engineer, Statsig

**Speed up queries from any data source**

ClickHouse supports all the data sources you need to power your apps and use cases that require exceptional performance.

Databases and data warehouses Streams, logs, and analytics Data lake formats Local files Data visualization tools Languages and drivers

**Why is ClickHouse so fast?**

Column-oriented databases are better suited to OLAP scenarios. They are at least 100x faster

in processing most queries. ClickHouse uses all available system resources to their full potential to process each analytical query as fast as possible.

Row-oriented databases

In row-oriented databases, data is stored in rows, with all the values related to a row physically stored next to each other.

Column-oriented databases

In column-oriented databases, like ClickHouse, data is stored in columns, with values from the same columns stored together.

**Deploy your way**

Unlike traditional closed-source OLAP databases, ClickHouse runs on every environment, whether it’s on your machine or in the cloud.

ClickHouse Local

Run fast queries on local files (CSV, TSV, Parquet, and more) without a server.

Open-source ClickHouse

Spin up a database server with open-source ClickHouse. Always Free.

ClickHouse Cloud

Deploy a fully managed ClickHouse service on AWS or GCP.

**Join the 100k+ developers using ClickHouse today**

**What do developers say?**

ClickHouse is the most commonly used database for internal and commercial observability platforms. Disney+ uses ClickHouse to provide analytics for its content distribution system.

“We were really not doing well with ingesting all the logs that we have because it's big data, it's all the users of Disney+ generating that data. Ever since we chose ClickHouse, it's been going well.”

Roni Lazimi

Software Engineer, Disney+

Uber’s log analytics platform

Learn why Uber migrated to ClickHouse from the ELK stack.

Cloudflare’s HTTP analytics infrastructure

Read about how Cloudflare uses ClickHouse to support 6M requests per second.

GitLab’s APM datastore

Watch this YouTube video showing why GitLab chose ClickHouse over Timescale to power their APM infrastructure.

**FAQs**

Wherever you need us, we’re there. We love to engage in thoughtful conversation with the ClickHouse community and are always on-hand to answer your questions.

Ask us anything

CVE-2022-44011: Fast Open-Source OLAP DBMS - ClickHouse

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. 

**SN No.** HSRC-202311-02

**Edit:** Hikvision Security Response Center (HSRC)

**Initial Release Date:** 2023-11-23

**Summary**

1\. A buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. 

2. An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. 

**CVE ID**

CVE-2023-28812

CVE-2023-28813

**Scoring**

CVSS v3.1 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)

CVE-2023-28812

Base score：9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVE-2023-28813

Base score：8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H) 

**Affected Versions and Fix**

**Product Name**

**Affected Versions**

**Resolved Version**

LocalServiceComponents

version 1.0.0.78 and the versions prior to it

1.0.0.81

**Obtaining Fixed Version**

Users can download the patch on the Hikvision official website.(https://www.hikvision.com/en/support/tools/hitools/cl31f95c645ddb0235/)  

**Source of vulnerability information**

This vulnerability is reported to HSRC by Team.ENVY (KITRI BoB 12th).

**Contact Us**

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.

Tag

#buffer_overflow