exploitDog

GHSA-7jwh-3vrq-q3m8

Опубликовано: 04 мар. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.1

CVSS3: 9.8

Описание

pgproto3 SQL Injection via Protocol Message Size Overflow

Impact

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Patches

The problem is resolved in v2.3.3

Workarounds

Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

Ссылки

Пакеты

Наименование

github.com/jackc/pgproto3

go

Затронутые версииВерсия исправления

< 2.3.3

2.3.3

Наименование

github.com/jackc/pgproto3/v2

go

Затронутые версииВерсия исправления

< 2.3.3

2.3.3

8.1 High

CVSS4

9.8 Critical

CVSS3

Дефекты

CWE-190

CWE-89

8.1 High

CVSS4

9.8 Critical

CVSS3

Дефекты

CWE-190

CWE-89