GHSA-vgv5-cxvh-vfxh

Опубликовано: 07 апр. 2021

Источник: github

Github: Прошло ревью

CVSS4: 9.3

CVSS3: 9.8

Описание

Arbitrary code execution in clickhouse-driver

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

Ссылки

Пакеты

Наименование

clickhouse-driver

pip

Затронутые версииВерсия исправления

< 0.1.5

0.1.5

EPSS

Процентиль: 86%

0.03109

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2020-26759

Дефекты

CWE-120

Связанные уязвимости

CVE-2020-26759

CVSS3: 9.8

ubuntu

около 5 лет назад

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

CVE-2020-26759

CVSS3: 9.8

nvd

около 5 лет назад

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

CVE-2020-26759

CVSS3: 9.8

debian

около 5 лет назад

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to ...

EPSS

Процентиль: 86%

0.03109

Низкий

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2020-26759

Дефекты

CWE-120