VYPR
Moderate severityNVD Advisory· Published Apr 11, 2025· Updated Apr 11, 2025

Query smuggling in ch-go library

CVE-2025-1386

Description

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ClickHouse/ch-goGo
< 0.65.00.65.0

Affected products

9

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.