Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2024-27304

Опубликовано: 30 июн. 2024
Источник: msrc
CVSS3: 9.8
EPSS Низкий

Описание

pgx SQL Injection via Protocol Message Size Overflow

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

EPSS

Процентиль: 84%
0.02175
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-27304

CVSS3: 9.8
ubuntu
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

redhat логотип

CVE-2024-27304

CVSS3: 8.1
redhat
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

nvd логотип

CVE-2024-27304

CVSS3: 9.8
nvd
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

debian логотип

CVE-2024-27304

CVSS3: 9.8
debian
почти 2 года назад

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur ...

github логотип

GHSA-mrww-27vc-gghv

CVSS3: 9.8
github
почти 2 года назад

pgx SQL Injection via Protocol Message Size Overflow

EPSS

Процентиль: 84%
0.02175
Низкий

9.8 Critical

CVSS3