clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
{ "binaries": [ { "binary_name": "python3-clickhouse-driver", "binary_version": "0.2.0-1" }, { "binary_name": "python3-clickhouse-driver-dbgsym", "binary_version": "0.2.0-1" }, { "binary_name": "python3-clickhouse-driver-doc", "binary_version": "0.2.0-1" } ], "availability": "No subscription required", "ubuntu_priority": "untriaged" }