Unrated severityNVD Advisory· Published Aug 15, 2019· Updated Aug 5, 2024

CVE-2018-14670

Description

Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

Affected products

Clickhouse/Clickhousev5
Range: All versions prior to version 1.1.54131.

Patches

ceb4d4a3a5d5

fix build (do not remove my_compress.c.o from libmysqlclient.a) [#METR-23582]

https://github.com/clickhouse/clickhouseAlexey ZatelepinJan 9, 2017via osv

commit

1 file changed · +1 −1

libs/libmysqlxx/patch.sh+1 −1 modified

@@ -11,6 +11,6 @@ mkdir -p tmp
 cd tmp
 
 ar x $LIB
-ar t $LIB | grep -v 'my_new.cc.o' | egrep -v $ZLIB_OBJS_REGEX | xargs ar rcs $OUT
+ar t $LIB | grep -v 'my_new.cc.o' | egrep --word-regex -v $ZLIB_OBJS_REGEX | xargs ar rcs $OUT
 
 cd ..

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

clickhouse.yandex/docs/en/security_changelog/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000