CVE-2025-1386

Medium CVSS: 5.9

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

Vendor

Clickhouse

Product

CWE

CWE-444

Yayın Tarihi

2025-04-11 05:15:29

Güncelleme

2025-12-19 18:47:13

Source Identifier

cb7ba516-3b07-4c98-b0c2-715220f1a8f6

KEV Date Added

Kategoriler

CWE-444 Ch MEDIUM Clickhouse 2025

Referanslar

https://github.com/ClickHouse/ch-go/security/advisories/GHSA-m454-3xv7-qj85