What the vulnerability does

01Description

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 4, 2024 Record updated