2022-03-14 00:00:00
JFROG
PUBLISHED
Heap buffer overflow in Clickhouses LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy