{"id":"PYSEC-2021-61","details":"clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.","aliases":["BIT-clickhouse-2020-26759","CVE-2020-26759","GHSA-vgv5-cxvh-vfxh"],"modified":"2023-12-06T01:00:28.835555Z","published":"2021-01-06T13:15:00Z","references":[{"type":"FIX","url":"https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598"},{"type":"FIX","url":"https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-vgv5-cxvh-vfxh"}],"affected":[{"package":{"name":"clickhouse-driver","ecosystem":"PyPI","purl":"pkg:pypi/clickhouse-driver"},"ranges":[{"type":"GIT","repo":"https://github.com/mymarilyn/clickhouse-driver","events":[{"introduced":"0"},{"fixed":"d708ed548e1d6f254ba81a21de8ba543a53b5598"},{"fixed":"3e990547e064b8fca916b23a0f7d6fe8c63c7f6b"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.5"}]}],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.19","0.0.20","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/clickhouse-driver/PYSEC-2021-61.yaml"}}],"schema_version":"1.7.3"}