clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
{ "nvd_published_at": "2021-01-06T13:15:00Z", "cwe_ids": [ "CWE-120" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-04-06T23:25:07Z" }
{ "affected_functions": [ "clickhouse_driver.bufferedreader.BufferedReader", "clickhouse_driver.bufferedreader.BufferedReader.read", "clickhouse_driver.bufferedreader.BufferedReader.read_strings", "clickhouse_driver.bufferedwriter.BufferedWriter", "clickhouse_driver.bufferedwriter.BufferedWriter.__init__", "clickhouse_driver.bufferedwriter.BufferedWriter.write" ] }