Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-2007

Опубликовано: 12 фев. 2026
Источник: debian

Описание

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
postgresql-18fixed18.2-1package
postgresql-17not-affectedpackage
postgresql-15not-affectedpackage
postgresql-13not-affectedpackage

Примечания

  • https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=18548681da38b2376d0c071d568b9d0c1f8b6ad2 (REL_18_2)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e0965fb1a8550716db08e2183560be3546851647 (REL_18_2)

Связанные уязвимости

ubuntu логотип

CVE-2026-2007

CVSS3: 8.2
ubuntu
4 месяца назад

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

redhat логотип

CVE-2026-2007

CVSS3: 8.2
redhat
4 месяца назад

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

nvd логотип

CVE-2026-2007

CVSS3: 8.2
nvd
4 месяца назад

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

github логотип

GHSA-5pr9-9395-q5gq

CVSS3: 8.2
github
4 месяца назад

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

fstec логотип

BDU:2026-01724

CVSS3: 8.2
fstec
4 месяца назад

Уязвимость компонента pg_trgm системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии