CVE-2018-14671Improper Input Validation in Clickhouse

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.2%
top 21.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Clickhouse
Timeline
PublishedAug 15
Latest updateMay 24

Description

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDclickhouse/clickhouse< 18.10.3
Ubuntuclickhouse/clickhouse< 18.16.1+ds-7
CVEListV5clickhouse/clickhouseAll versions prior to version 18.10.3.

🔴Vulnerability Details

2
GHSA
GHSA-82pw-c344-33pq: In ClickHouse before 182022-05-24
OSV
CVE-2018-14671: In ClickHouse before 182019-08-15