CVE-2018-14671 (NVD)

2019-08-15

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

Products Clickhouse
Type Improper Input Validation (CWE-20)
First patch - None (likely due to unavailable code)
Links https://clickhouse.yandex/docs/en/security_changelog/