Vulnerabilities

CVE-2025-1386

by Fred · 11/04/2025

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

Assigner : security@clickhouse.com

More information : https://github.com/ClickHouse/ch-go/security/advisories/GHSA-m454-3xv7-qj85

Similar

Tags: Cybersecurity Alert