Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-27304

Опубликовано: 06 мар. 2024
Источник: debian
EPSS Низкий

Описание

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-github-jackc-pgxfixed4.18.1-2package
golang-github-jackc-pgxno-dsabookwormpackage
golang-github-jackc-pgxno-dsabullseyepackage

Примечания

  • https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv

  • https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4 (v5.5.4)

  • https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (v5.5.4)

  • https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df (v4.18.2)

EPSS

Процентиль: 84%
0.02175
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-27304

CVSS3: 9.8
ubuntu
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

redhat логотип

CVE-2024-27304

CVSS3: 8.1
redhat
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

nvd логотип

CVE-2024-27304

CVSS3: 9.8
nvd
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

msrc логотип

CVE-2024-27304

CVSS3: 9.8
msrc
больше 1 года назад

pgx SQL Injection via Protocol Message Size Overflow

github логотип

GHSA-mrww-27vc-gghv

CVSS3: 9.8
github
почти 2 года назад

pgx SQL Injection via Protocol Message Size Overflow

EPSS

Процентиль: 84%
0.02175
Низкий