CVE-2020-26759

2021-01-0612:56:55

mitre

www.cve.org

clickhouse-driver buffer overflow database client server response crafted server response code execution crash cve-2020-26759

AI Score

9.7

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

References

github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b

github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598