Candidate: CVE-2020-26759
PublicDate: 2021-01-06 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26759
 https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b
 https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598
Description:
 clickhouse-driver before 0.1.5 allows a malicious clickhouse server to
 trigger a crash or execute arbitrary code (on a database client) via a
 crafted server response, due to a buffer overflow.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_python-clickhouse-driver:
upstream_python-clickhouse-driver: released (0.2.0-1)
precise/esm_python-clickhouse-driver: DNE
trusty_python-clickhouse-driver: ignored (out of standard support)
trusty/esm_python-clickhouse-driver: DNE
xenial_python-clickhouse-driver: DNE
bionic_python-clickhouse-driver: DNE
focal_python-clickhouse-driver: DNE
groovy_python-clickhouse-driver: ignored (reached end-of-life)
hirsute_python-clickhouse-driver: not-affected (0.2.0-1)
impish_python-clickhouse-driver: not-affected (0.2.0-1)
jammy_python-clickhouse-driver: not-affected (0.2.0-1)
devel_python-clickhouse-driver: not-affected (0.2.0-1)