CVE-2026-32286

Published: 26 Mar 2026
Source: debian
EPSS: Low

Description

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
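
An added example, not code from pgproto3 or from this page: a bounds-checked parser for the DataRow body layout of the PostgreSQL wire protocol, showing the field-length validation the description refers to. The function name `decodeDataRow`, the error value and the sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errInvalidDataRow = errors.New("invalid DataRow body")

// decodeDataRow (hypothetical helper) parses a DataRow body: an Int16 column
// count, then per column an Int32 value length followed by that many bytes.
// Length -1 marks SQL NULL; every other negative length is rejected.
func decodeDataRow(body []byte) ([][]byte, error) {
	if len(body) < 2 {
		return nil, errInvalidDataRow
	}
	n := int(binary.BigEndian.Uint16(body))
	if n*4 > len(body)-2 { // each column needs at least its 4-byte length
		return nil, errInvalidDataRow
	}
	values := make([][]byte, n)
	rp := 2
	for i := range values {
		if len(body)-rp < 4 {
			return nil, errInvalidDataRow
		}
		// The field is signed on the wire: 0xFFFFFFFE must decode as -2.
		size := int(int32(binary.BigEndian.Uint32(body[rp:])))
		rp += 4
		switch {
		case size == -1: // NULL: no value bytes follow
		case size < 0 || size > len(body)-rp:
			return nil, fmt.Errorf("%w: column %d length %d", errInvalidDataRow, i, size)
		default:
			values[i] = body[rp : rp+size]
			rp += size
		}
	}
	return values, nil
}

func main() {
	// Constructed sample bodies, not captured traffic.
	ok := []byte{0, 2, 0, 0, 0, 2, 'h', 'i', 0xff, 0xff, 0xff, 0xff}
	bad := []byte{0, 1, 0xff, 0xff, 0xff, 0xfe} // one column, length -2
	fmt.Println(decodeDataRow(ok))
	fmt.Println(decodeDataRow(bad))
}
```

Returning an error for a malformed row lets the client close the connection cleanly instead of crashing the process on server-controlled input.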

Packages

| Package | Status | Fixed version | Release | Type |
| --- | --- | --- | --- | --- |
| golang-github-jackc-pgproto3 | fixed | 2.3.3-2 | | package |
| golang-github-jackc-pgproto3 | no-dsa | | trixie | package |
| golang-github-jackc-pgproto3 | no-dsa | | bookworm | package |

Notes

  • https://github.com/jackc/pgx/issues/2507

EPSS

Percentile: 27%
0.00357
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
3 months ago

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

CVSS3: 7.5
redhat
3 months ago

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

CVSS3: 7.5
nvd
3 months ago

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

CVSS3: 7.5
github
3 months ago

Denial of service in github.com/jackc/pgproto3/v2

rocky
16 days ago

Important: osbuild-composer security update
