Unrated severityNVD Advisory· Published Aug 15, 2019· Updated Aug 5, 2024
CVE-2018-14671
CVE-2018-14671
Description
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Affected products
1- Range: All versions prior to version 18.10.3.
Patches
1940a4530348aAuto version update to [18.10.3] [54405]
5 files changed · +9 −9
dbms/cmake/version.cmake+4 −4 modified@@ -2,10 +2,10 @@ set(VERSION_REVISION 54405 CACHE STRING "") set(VERSION_MAJOR 18 CACHE STRING "") set(VERSION_MINOR 10 CACHE STRING "") -set(VERSION_PATCH 2 CACHE STRING "") -set(VERSION_GITHASH 39bee180bd7c15dbb35244cc78387628345c1efe CACHE STRING "") -set(VERSION_DESCRIBE v18.10.2-testing CACHE STRING "") -set(VERSION_STRING 18.10.2 CACHE STRING "") +set(VERSION_PATCH 3 CACHE STRING "") +set(VERSION_GITHASH 1fa1b34f1ab01ea2e1a833eebd36a4806e529f52 CACHE STRING "") +set(VERSION_DESCRIBE v18.10.3-testing CACHE STRING "") +set(VERSION_STRING 18.10.3 CACHE STRING "") # end of autochange set(VERSION_EXTRA "" CACHE STRING "")
debian/changelog+2 −2 modified@@ -1,5 +1,5 @@ -clickhouse (18.10.2) unstable; urgency=low +clickhouse (18.10.3) unstable; urgency=low * Modified source code - -- <root@yandex-team.ru> Mon, 13 Aug 2018 11:30:02 +0300 + -- <root@yandex-team.ru> Mon, 13 Aug 2018 12:42:01 +0300
docker/client/Dockerfile+1 −1 modified@@ -1,7 +1,7 @@ FROM ubuntu:18.04 ARG repository="deb http://repo.yandex.ru/clickhouse/deb/stable/ main/" -ARG version=18.10.2 +ARG version=18.10.3 RUN apt-get update && \ apt-get install -y apt-transport-https dirmngr && \
docker/server/Dockerfile+1 −1 modified@@ -1,7 +1,7 @@ FROM ubuntu:18.04 ARG repository="deb http://repo.yandex.ru/clickhouse/deb/stable/ main/" -ARG version=18.10.2 +ARG version=18.10.3 RUN apt-get update && \ apt-get install -y apt-transport-https dirmngr && \
docker/test/Dockerfile+1 −1 modified@@ -1,7 +1,7 @@ FROM ubuntu:18.04 ARG repository="deb http://repo.yandex.ru/clickhouse/deb/stable/ main/" -ARG version=18.10.2 +ARG version=18.10.3 RUN apt-get update && \ apt-get install -y apt-transport-https dirmngr && \
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- clickhouse.yandex/docs/en/security_changelog/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.