CVE-2020-26759

CRITICAL

clickhouse-driver <0.1.5 - Buffer Overflow

Title source: llm

Description

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

References (2)

Core 2

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0311

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (2)

clickhouse-driver_project/clickhouse-driver < 0.1.5

pypi/clickhouse-driver 0 - 0.1.5PyPI

Published Jan 06, 2021

Tracked Since Feb 18, 2026