Vulnerabilities > CVE-2021-42389 - Divide By Zero vulnerability in Yandex Clickhouse

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

yandex

CWE-369

NVD

Published: 2022-03-14

Updated: 2022-03-22

Summary

Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Clickhouse - Yandex Clickhouse 1.1.54011 Yandex Clickhouse 1.1.54019 Yandex Clickhouse 1.1.54020 Yandex Clickhouse 1.1.54022 Yandex Clickhouse 1.1.54023 Yandex Clickhouse 1.1.54030 Yandex Clickhouse 1.1.54046 Yandex Clickhouse 1.1.54074 Yandex Clickhouse 1.1.54080 Yandex Clickhouse 1.1.54083 Yandex Clickhouse 1.1.54112 Yandex Clickhouse 1.1.54127 Yandex Clickhouse 1.1.54131 Yandex Clickhouse 1.1.54133 Yandex Clickhouse 1.1.54134 Yandex Clickhouse 1.1.54135 Yandex Clickhouse 1.1.54144 Yandex Clickhouse 1.1.54159 Yandex Clickhouse 1.1.54165 Yandex Clickhouse 1.1.54181 Yandex Clickhouse 1.1.54188 Yandex Clickhouse 1.1.54190 Yandex Clickhouse 1.1.54198 Yandex Clickhouse 1.1.54231 Yandex Clickhouse 1.1.54236 Yandex Clickhouse 1.1.54242 Yandex Clickhouse 1.1.54245 Yandex Clickhouse 1.1.54276 Yandex Clickhouse 1.1.54282 Yandex Clickhouse 1.1.54284 Yandex Clickhouse 1.1.54289 Yandex Clickhouse 1.1.54292 Yandex Clickhouse 1.1.54304 Yandex Clickhouse 1.1.54310 Yandex Clickhouse 1.1.54318 Yandex Clickhouse 1.1.54327 Yandex Clickhouse 1.1.54335 Yandex Clickhouse 1.1.54336 Yandex Clickhouse 1.1.54337 Yandex Clickhouse 1.1.54342 Yandex Clickhouse 1.1.54343 Yandex Clickhouse 1.1.54358 Yandex Clickhouse 1.1.54362 Yandex Clickhouse 1.1.54370 Yandex Clickhouse 1.1.54378 Yandex Clickhouse 1.1.54380 Yandex Clickhouse 1.1.54381 Yandex Clickhouse 1.1.54383 Yandex Clickhouse 1.1.54385 Yandex Clickhouse 1.1.54388 Yandex Clickhouse 1.1.54390 Yandex Clickhouse 1.1.54394 Yandex Clickhouse 18.1.0 Yandex Clickhouse 18.4.0 Yandex Clickhouse 18.5.1 Yandex Clickhouse 18.6.0 Yandex Clickhouse 18.10.3 Yandex Clickhouse 18.12.13 Yandex Clickhouse 18.12.14 Yandex Clickhouse 18.12.17 Yandex Clickhouse 18.14.8 Yandex Clickhouse 18.14.9 Yandex Clickhouse 18.14.10 Yandex Clickhouse 18.14.11 Yandex Clickhouse 18.14.12 Yandex Clickhouse 18.14.13 Yandex Clickhouse 18.14.14 Yandex Clickhouse 18.14.15 Yandex Clickhouse 18.14.17 Yandex Clickhouse 18.14.18 Yandex Clickhouse 18.14.19 Yandex Clickhouse 18.16.0 Yandex Clickhouse 18.16.1 Yandex Clickhouse 19.1.5 Yandex Clickhouse 19.1.6 Yandex Clickhouse 19.1.7 Yandex Clickhouse 19.1.8 Yandex Clickhouse 19.1.9 Yandex Clickhouse 19.1.10 Yandex Clickhouse 19.1.13 Yandex Clickhouse 19.1.14 Yandex Clickhouse 19.1.15.73 Yandex Clickhouse 19.1.16.79 Yandex Clickhouse 19.3.3 Yandex Clickhouse 19.3.4 Yandex Clickhouse 19.3.5 Yandex Clickhouse 19.3.6 Yandex Clickhouse 19.3.7 Yandex Clickhouse 19.3.8.6 Yandex Clickhouse 19.3.9.12 Yandex Clickhouse 19.4.0.49 Yandex Clickhouse 19.4.1.3 Yandex Clickhouse 19.4.2.7 Yandex Clickhouse 19.4.3.11 Yandex Clickhouse 19.4.4.33 Yandex Clickhouse 19.4.5.35 Yandex Clickhouse 19.5.2.6 Yandex Clickhouse 19.5.3.8 Yandex Clickhouse 19.5.4.22 Yandex Clickhouse 19.6.2.11 Yandex Clickhouse 19.6.3.18 Yandex Clickhouse 19.7.3.9 Yandex Clickhouse 19.7.5.27 Yandex Clickhouse 19.7.5.29 Yandex Clickhouse 19.8.3.8 Yandex Clickhouse 19.9.2.4 Yandex Clickhouse 19.9.3.31 Yandex Clickhouse 19.9.4.34 Yandex Clickhouse 19.9.5.36 Yandex Clickhouse 19.10.1.5 Yandex Clickhouse 19.11.2.7 Yandex Clickhouse 19.11.3.11 Yandex Clickhouse 19.11.4.24 Yandex Clickhouse 19.11.5.28 Yandex Clickhouse 19.11.6.31 Yandex Clickhouse 19.11.7.40 Yandex Clickhouse 19.11.8.46 Yandex Clickhouse 19.11.9.52 Yandex Clickhouse 19.11.10.54 Yandex Clickhouse 19.11.11.57 Yandex Clickhouse 19.11.12.69 Yandex Clickhouse 19.11.13.74 Yandex Clickhouse 19.13.1.11 Yandex Clickhouse 19.13.2.19 Yandex Clickhouse 19.13.3.26 Yandex Clickhouse 19.13.4.32 Yandex Clickhouse 19.13.5.44 Yandex Clickhouse 19.13.6.1 Yandex Clickhouse 19.13.6.51 Yandex Clickhouse 19.13.7.57 Yandex Clickhouse 19.14 Yandex Clickhouse 19.14.1.1095 Yandex Clickhouse 19.14.1.1104 Yandex Clickhouse 19.14.1.1112 Yandex Clickhouse 19.14.1.1129 Yandex Clickhouse 19.14.1.1138 Yandex Clickhouse 19.14.1.1144 Yandex Clickhouse 19.14.1.1163 Yandex Clickhouse 19.14.1.1171 Yandex Clickhouse 19.14.1.1175 Yandex Clickhouse 19.14.1.1176 Yandex Clickhouse 19.14.1.1177 Yandex Clickhouse 19.14.1.1180 Yandex Clickhouse 19.14.1.1184 Yandex Clickhouse 19.14.1.1190 Yandex Clickhouse 19.14.1.1196 Yandex Clickhouse 19.14.1.1203 Yandex Clickhouse 19.14.1.1205 Yandex Clickhouse 19.14.1.1219 Yandex Clickhouse 19.14.1.1225 Yandex Clickhouse 19.14.1.1229 Yandex Clickhouse 19.14.1.1233 Yandex Clickhouse 19.14.1.1235 Yandex Clickhouse 19.14.1.1238 Yandex Clickhouse 19.14.1.1246 Yandex Clickhouse 19.14.1.1254 Yandex Clickhouse 19.14.1.1259 Yandex Clickhouse 19.14.1.1266 Yandex Clickhouse 19.14.1.1270 Yandex Clickhouse 19.14.1.1274 Yandex Clickhouse 19.14.2.2 Yandex Clickhouse 19.14.3 Yandex Clickhouse 19.14.3.3 Yandex Clickhouse 19.14.4.9 Yandex Clickhouse 19.14.5.10 Yandex Clickhouse 19.14.6.12 Yandex Clickhouse 19.14.7.15 Yandex Clickhouse 19.14.8.9 Yandex Clickhouse 19.14.9.12 Yandex Clickhouse 19.14.10.16 Yandex Clickhouse 19.15.1.1276 Yandex Clickhouse 19.15.1.1285 Yandex Clickhouse 19.15.1.1286 Yandex Clickhouse 19.15.1.1287 Yandex Clickhouse 19.15.1.1288 Yandex Clickhouse 19.15.1.1294 Yandex Clickhouse 19.15.1.1299 Yandex Clickhouse 19.15.1.1303 Yandex Clickhouse 19.15.1.1310 Yandex Clickhouse 19.15.1.1314 Yandex Clickhouse 19.15.1.1317 Yandex Clickhouse 19.15.1.1318 Yandex Clickhouse 19.15.1.1321 Yandex Clickhouse 19.15.1.1322 Yandex Clickhouse 19.15.1.1323 Yandex Clickhouse 19.15.1.1325 Yandex Clickhouse 19.15.1.1327 Yandex Clickhouse 19.15.1.1329 Yandex Clickhouse 19.15.1.1334 Yandex Clickhouse 19.15.1.1337 Yandex Clickhouse 19.15.1.1340 Yandex Clickhouse 19.15.1.1350 Yandex Clickhouse 19.15.1.1353 Yandex Clickhouse 19.15.1.1356 Yandex Clickhouse 19.15.1.1357 Yandex Clickhouse 19.15.1.1366 Yandex Clickhouse 19.15.1.1370 Yandex Clickhouse 19.15.1.1372 Yandex Clickhouse 19.15.1.1374 Yandex Clickhouse 19.15.2.2 Yandex Clickhouse 19.15.3.6 Yandex Clickhouse 19.15.4.10 Yandex Clickhouse 19.15.5.18 Yandex Clickhouse 19.15.6.21 Yandex Clickhouse 19.15.7.30 Yandex Clickhouse 19.16.1.1414 Yandex Clickhouse 19.16.1.1436 Yandex Clickhouse 19.16.1.1437 Yandex Clickhouse 19.16.1.1440 Yandex Clickhouse 19.16.1.1444 Yandex Clickhouse 19.16.1.1451 Yandex Clickhouse 19.16.1.1454 Yandex Clickhouse 19.16.1.1457 Yandex Clickhouse 19.16.1.1459 Yandex Clickhouse 19.16.1.1467 Yandex Clickhouse 19.16.1.1472 Yandex Clickhouse 19.16.1.1475 Yandex Clickhouse 19.16.1.1484 Yandex Clickhouse 19.16.1.1486 Yandex Clickhouse 19.16.1.1488 Yandex Clickhouse 19.16.1.1491 Yandex Clickhouse 19.16.1.1493 Yandex Clickhouse 19.16.1.1496 Yandex Clickhouse 19.16.1.1498 Yandex Clickhouse 19.16.1.1500 Yandex Clickhouse 19.16.1.1507 Yandex Clickhouse 19.16.1.1510 Yandex Clickhouse 19.16.1.1513 Yandex Clickhouse 19.16.1.1514 Yandex Clickhouse 19.16.1.1524 Yandex Clickhouse 19.16.1.1532 Yandex Clickhouse 19.16.1.1533 Yandex Clickhouse 19.16.2.2 Yandex Clickhouse 19.16.2.2. Yandex Clickhouse 19.16.3.6 Yandex Clickhouse 19.16.4.12 Yandex Clickhouse 19.16.5.15 Yandex Clickhouse 19.16.6.17 Yandex Clickhouse 19.16.7.24 Yandex Clickhouse 19.16.8.34 Yandex Clickhouse 19.16.9.37 Yandex Clickhouse 19.16.10.44 Yandex Clickhouse 19.17.1.1537 Yandex Clickhouse 19.17.1.1539 Yandex Clickhouse 19.17.1.1544 Yandex Clickhouse 19.17.1.1547 Yandex Clickhouse 19.17.1.1553 Yandex Clickhouse 19.17.1.1573 Yandex Clickhouse 19.17.1.1579 Yandex Clickhouse 19.17.1.1589 Yandex Clickhouse 19.17.1.1597 Yandex Clickhouse 19.17.1.1601 Yandex Clickhouse 19.17.1.1603 Yandex Clickhouse 19.17.1.1605 Yandex Clickhouse 19.17.1.1613 Yandex Clickhouse 19.17.1.1620 Yandex Clickhouse 19.17.1.1627 Yandex Clickhouse 19.17.1.1634 Yandex Clickhouse 19.17.2.4 Yandex Clickhouse 19.17.3.7 Yandex Clickhouse 19.17.4.11 Yandex Clickhouse 19.17.5.18 Yandex Clickhouse 19.17.6.36 Yandex Clickhouse 19.18.1.1641 Yandex Clickhouse 19.18.1.1644 Yandex Clickhouse 19.18.1.1646 Yandex Clickhouse 19.18.1.1647 Yandex Clickhouse 19.18.1.1652 Yandex Clickhouse 19.18.1.1656 Yandex Clickhouse 19.18.1.1659 Yandex Clickhouse 19.18.1.1662 Yandex Clickhouse 19.18.1.1665 Yandex Clickhouse 19.18.1.1666 Yandex Clickhouse 19.18.1.1667 Yandex Clickhouse 19.18.1.1669 Yandex Clickhouse 19.18.1.1670 Yandex Clickhouse 19.18.1.1671 Yandex Clickhouse 19.18.1.1674 Yandex Clickhouse 19.18.1.1678 Yandex Clickhouse 19.18.1.1682 Yandex Clickhouse 19.18.1.1692 Yandex Clickhouse 19.18.1.1702 Yandex Clickhouse 19.18.1.1705 Yandex Clickhouse 19.18.1.1710 Yandex Clickhouse 19.18.1.1713 Yandex Clickhouse 19.18.1.1717 Yandex Clickhouse 19.18.1.1718 Yandex Clickhouse 19.18.1.1721 Yandex Clickhouse 19.18.1.1722 Yandex Clickhouse 19.18.1.1727 Yandex Clickhouse 19.18.1.1735 Yandex Clickhouse 19.18.1.1739 Yandex Clickhouse 19.18.1.1740 Yandex Clickhouse 19.18.1.1744 Yandex Clickhouse 19.18.1.1745 Yandex Clickhouse 19.18.1.1750 Yandex Clickhouse 19.18.1.1751 Yandex Clickhouse 19.18.1.1752 Yandex Clickhouse 19.18.1.1754 Yandex Clickhouse 19.18.1.1765 Yandex Clickhouse 19.18.1.1769 Yandex Clickhouse 19.18.1.1771 Yandex Clickhouse 19.18.1.1775 Yandex Clickhouse 19.18.1.1779 Yandex Clickhouse 19.18.1.1786 Yandex Clickhouse 19.18.1.1791 Yandex Clickhouse 19.18.1.1812 Yandex Clickhouse 19.19.1.1813 Yandex Clickhouse 19.19.1.1814 Yandex Clickhouse 19.19.1.1815 Yandex Clickhouse 19.19.1.1817 Yandex Clickhouse 19.19.1.1823 Yandex Clickhouse 19.19.1.1828 Yandex Clickhouse 19.19.1.1831 Yandex Clickhouse 19.19.1.1843 Yandex Clickhouse 19.19.1.1849 Yandex Clickhouse 19.19.1.1856 Yandex Clickhouse 19.19.1.1862 Yandex Clickhouse 19.19.1.1872 Yandex Clickhouse 19.19.1.1879 Yandex Clickhouse 19.19.1.1882 Yandex Clickhouse 19.19.1.1889 Yandex Clickhouse 19.19.1.1892 Yandex Clickhouse 19.19.1.1895 Yandex Clickhouse 19.19.1.1902 Yandex Clickhouse 19.19.1.1916 Yandex Clickhouse 19.19.1.1929 Yandex Clickhouse 19.19.1.1956 Yandex Clickhouse 19.19.1.1957 Yandex Clickhouse 19.19.1.1970 Yandex Clickhouse 19.19.1.1976 Yandex Clickhouse 19.19.1.2001 Yandex Clickhouse 19.19.1.2006 Yandex Clickhouse 19.19.1.2015 Yandex Clickhouse 19.19.1.2024 Yandex Clickhouse 19.19.1.2035 Yandex Clickhouse 20.1.1.2039 Yandex Clickhouse 20.1.1.2042 Yandex Clickhouse 20.8.18.32 Yandex Clickhouse 21.1.2.15 Yandex Clickhouse 21.1.9.41 Yandex Clickhouse 21.2.2.8 Yandex Clickhouse 21.2.9.41 Yandex Clickhouse 21.3 Yandex Clickhouse 21.3.6.55 Yandex Clickhouse 21.4 Yandex Clickhouse 21.4.3.21	348

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

References

https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References