Moderate severityNVD Advisory· Published Apr 11, 2025· Updated Apr 11, 2025
Query smuggling in ch-go library
CVE-2025-1386
Description
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ClickHouse/ch-goGo | < 0.65.0 | 0.65.0 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/telegraf-1.33pkg:apk/chainguard/telegraf-1.34pkg:apk/chainguard/teleportpkg:apk/wolfi/telegraf-1.33pkg:apk/wolfi/telegraf-1.34pkg:apk/wolfi/teleportpkg:golang/github.com/clickhouse/ch-gopkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0+ 7 more
- (no CPE)range: < 0
- (no CPE)range: < 1.34.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.34.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0.65.0
- (no CPE)range: < 0.0.20250422T181640-1.1
- ch-go/ch-gov5Range: 0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.