Vulnerability Description
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clickhouse-Driver Project | Clickhouse-Driver | < 0.1.5 |
Related Weaknesses (CWE)
References
- https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f (Patch, Third Party Advisory)
- https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de (Patch, Third Party Advisory)
FAQ
What is CVE-2020-26759?
CVE-2020-26759 is a vulnerability with a CVSS score of 9.8 (CRITICAL). clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
How severe is CVE-2020-26759?
CVE-2020-26759 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26759?
Check the references section above for vendor advisories and patch information. Affected products include: Clickhouse-Driver Project Clickhouse-Driver.