CVE-2020-26759: Arbitrary code execution in clickhouse-driver
(updated )
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
References
- github.com/advisories/GHSA-vgv5-cxvh-vfxh
- github.com/mymarilyn/clickhouse-driver
- github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b
- github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598
- github.com/pypa/advisory-database/tree/main/vulns/clickhouse-driver/PYSEC-2021-61.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-26759
Code Behaviors & Features
Detect and mitigate CVE-2020-26759 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →