CVE-2025-4207

Published: 08 May 2025
Source: debian

Description

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Packages

Package       | Status  | Fixed version   | Release  | Type
postgresql-17 | fixed   | 17.5-1          |          | package
postgresql-15 | removed |                 |          | package
postgresql-15 | fixed   | 15.13-0+deb12u1 | bookworm | package
postgresql-13 | removed |                 |          | package

Notes

  • https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/

  • https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ec5f89e8a29f32c7dbc4dd8734ed8406d771de2f (REL_17_5)

  • https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=44ba3f55f552b56b2fbefae028fcf3ea5b53461d (REL_15_13)

  • https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cbadeaca9271a1bade8ef9790bae09dc92e0ed30 (REL_13_21)

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 1 month ago

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

CVSS3: 5.9
redhat
about 1 month ago

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

CVSS3: 5.9
nvd
about 1 month ago

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

suse-cvrf
20 days ago

Security update for postgresql14

suse-cvrf
20 days ago

Security update for postgresql15