Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-2006

Опубликовано: 12 фев. 2026
Источник: debian
EPSS Низкий

Описание

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
postgresql-18fixed18.2-1package
postgresql-17removedpackage
postgresql-15removedpackage
postgresql-13removedpackage

Примечания

  • https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=df0852fe037246289cc00b4d36da6c1f25ff5844 (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=efef05ba995fb2f553c146acb5c33828cc4f898a (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7b5fc85bef8a3baa530ec98f89376f9d4b7de83c (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b0f5d25bc3679afaed69d367c72efd387c763d04 (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b427091947e59788289e80f0ff4279cb7d32dab1 (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4543b02af3d3077b8505d533dc51bd51fa47b34a (REL_18_2)

EPSS

Процентиль: 12%
0.0004
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-2006

CVSS3: 8.8
ubuntu
около 1 месяца назад

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

redhat логотип

CVE-2026-2006

CVSS3: 8.8
redhat
около 1 месяца назад

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

nvd логотип

CVE-2026-2006

CVSS3: 8.8
nvd
около 1 месяца назад

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

suse-cvrf логотип

SUSE-SU-2026:0787-1

suse-cvrf
22 дня назад

Security update for postgresql17

suse-cvrf логотип

SUSE-SU-2026:0785-1

suse-cvrf
22 дня назад

Security update for postgresql18

EPSS

Процентиль: 12%
0.0004
Низкий