CVE-2021-42391

Summary

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Affected Software

VendorProductVersion RangeStatus
yandexclickhouseunspecified < 21.10.2.15-stableaffected

Weaknesses

  • CWE-369: CWE-369

ADP Enrichment

CVE Program Container

Additional References

References