CVE-2025-1386 Information

Description

When using the ch-go library under a specific condition when the query includes a large uncompressed malicious external data it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.

Reference

https://github.com/ClickHouse/ch-go/security/advisories/GHSA-m454-3xv7-qj85