How To Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities In ClickHouse Database Management System

Security researchers JFrog have disclosed total multiple new high severity vulnerabilities in ClickHouse, an open-source database management system (DBMS) dedicated to online analytical processing (OLAP). The list is made up of seven vulnerabilities, ranging CVSS score from 6.5 to 8.8. It’s been said that attackers could weaponize these vulnerabilities to leak memory contents, remote code execution, and even crash the servers. Users of the ClickHouse Database Management System should consider reading this post because a user with the lowest privileges can trigger all the vulnerabilities. It is must to learn How to Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities in ClickHouse Database Management System.

What Is ClickHouse Database Management System?

ClickHouse is an open-source, high-performance columnar OLAP database management system developed by Yandex. It enables DB admins to generate holistic analytical reports using SQL queries in real-time.

List Of Other Vulnerabilities Disclosed In ClickHouse Database Management System:

These are the seven vulnerabilities disclosed in ClickHouse Database Management System:

• CVE-2021-43304 and CVE-2021-43305– heap buffer overflow vulnerabilities in LZ4 compression codec when parsing a malicious query
• CVE-2021-42387 and CVE-2021-42388 – heap out-of-bounds read vulnerabilities in LZ4 compression codec when parsing a malicious query
• CVE-2021-42389– divide by zero in Delta compression codec when parsing a malicious query
• CVE-2021-42390– divide by zero in Delta-Double compression codec when parsing a malicious query
• CVE-2021-42391– divide by zero in Gorilla compression codec when parsing a malicious query

Summary Of Vulnerabilities Disclosed In ClickHouse Database Management System:

All these vulnerabilities are post-authentication vulnerabilities. Attackers need to have a user to exploit these vulnerabilities. Due diligence is required for attackers to obtain user access (with the lowest privileges, such as a user with only read permissions) prior to exploitations. Attackers could weaponize these vulnerabilities to leak memory contents, remote code execution, and even crash the servers.

ClickHouse Versions Affected By These Vulnerabilities:

All the ClickHouse versions less than thenv21.10.2.15 are vulnerable. We recommend checking the version of ClickHouse on your servers and fixing the CVE-2021-43304(5) vulnerabilities as soon as possible. 

How To Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities In ClickHouse Database Management System?

There is no mitigation technique to fix these vulnerabilities in ClickHouse Database Management System. You should update ClickHouse to the v21.10.2.15-stable version to fix the flaws.

If it is not possible to upgrade anytime soon, block the access to the web port (8123) and the TCP server’s port (9000) to specific clients on firewalls.

We hope this post will help you know How to How to Fix CVE-2021-43304(5)- Heap Buffer Overflow Vulnerabilities in ClickHouse Database Management System. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this. 

• How To Fix CVE-2021-24084- Information Discloser Vulnerability In Windows 10?
• How To Fix CVE-2021-34991– A Pre-Authentication Buffer Overflow On Multiple Netgear Products?
• The Simplest Way To Install WordPress On Linux, Windows, And Cloud Servers!
• How To Fix Vulnerabilities Found In BusyBox Linux Utility?
• What Is A Buffer Overflow Attack And How To Prevent It?