{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:34:32.837","vulnerabilities":[{"cve":{"id":"CVE-2021-42390","sourceIdentifier":"reefs@jfrog.com","published":"2022-03-14T23:15:08.067","lastModified":"2025-06-25T20:49:29.357","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0."},{"lang":"es","value":"Una división por cero en el códec de compresión DeltaDouble de Clickhouse cuando es analizada una consulta maliciosa. El primer byte del búfer comprimido es usado en una operación de módulo sin que sea comprobado el 0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"reefs@jfrog.com","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*","versionEndExcluding":"21.10.2.15","matchCriteriaId":"4CD6B56E-9355-4A1F-9FF8-4FA097CF8AB4"}]}]}],"references":[{"url":"https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms","source":"reefs@jfrog.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}