clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
References
Link | Resource |
---|---|
https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598 | Patch Third Party Advisory |
https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b | Patch Third Party Advisory |
Configurations
Information
Published : 2021-01-06 05:15
Updated : 2021-01-08 13:19
NVD link : CVE-2020-26759
Mitre link : CVE-2020-26759
JSON object : View
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Products Affected
clickhouse-driver_project
- clickhouse-driver