CVE-2022-41862

Опубликовано: 09 фев. 2023

Источник: redhat

CVSS3: 3.7

Описание

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Apicurio Registry 2	quarkus-jdbc-postgresql-deployment	Not affected
Red Hat build of Quarkus	org.postgresql/postgresql	Not affected
Red Hat Decision Manager 7	jdbc-postgresql	Not affected
Red Hat Enterprise Linux 6	postgresql-jdbc	Out of support scope
Red Hat Enterprise Linux 7	postgresql-jdbc	Out of support scope
Red Hat Enterprise Linux 8	libreoffice:flatpak/libreoffice	Fix deferred
Red Hat Enterprise Linux 8	postgresql:10/postgresql	Fix deferred
Red Hat Enterprise Linux 8	postgresql-jdbc	Not affected
Red Hat Enterprise Linux 9	postgresql-jdbc	Not affected
Red Hat Fuse 7	jdbc-postgresql	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2165722postgresql: Client memory disclosure when connecting with Kerberos to modified server

3.7 Low

CVSS3

Связанные уязвимости

CVE-2022-41862

CVSS3: 3.7

ubuntu

больше 2 лет назад

CVE-2022-41862

CVSS3: 3.7

nvd

больше 2 лет назад

CVE-2022-41862

CVSS3: 3.7

msrc

6 месяцев назад

Описание отсутствует

CVE-2022-41862

CVSS3: 3.7

debian

больше 2 лет назад

In PostgreSQL, a modified, unauthenticated server can send an untermin ...

SUSE-SU-2023:0705-1

suse-cvrf

больше 2 лет назад

Security update for postgresql14

3.7 Low

CVSS3