Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-41862

Опубликовано: 09 фев. 2023
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of Apicurio Registry 2quarkus-jdbc-postgresql-deploymentNot affected
Red Hat build of Quarkusorg.postgresql/postgresqlNot affected
Red Hat Decision Manager 7jdbc-postgresqlNot affected
Red Hat Enterprise Linux 6postgresql-jdbcOut of support scope
Red Hat Enterprise Linux 7postgresql-jdbcOut of support scope
Red Hat Enterprise Linux 8libreoffice:flatpak/libreofficeFix deferred
Red Hat Enterprise Linux 8postgresql:10/postgresqlFix deferred
Red Hat Enterprise Linux 8postgresql-jdbcNot affected
Red Hat Enterprise Linux 9postgresql-jdbcNot affected
Red Hat Fuse 7jdbc-postgresqlNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2165722postgresql: Client memory disclosure when connecting with Kerberos to modified server

EPSS

Процентиль: 40%
0.00181
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-41862

CVSS3: 3.7
ubuntu
больше 2 лет назад

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

nvd логотип

CVE-2022-41862

CVSS3: 3.7
nvd
больше 2 лет назад

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

msrc логотип

CVE-2022-41862

CVSS3: 3.7
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2022-41862

CVSS3: 3.7
debian
больше 2 лет назад

In PostgreSQL, a modified, unauthenticated server can send an untermin ...

suse-cvrf логотип

SUSE-SU-2023:0705-1

suse-cvrf
больше 2 лет назад

Security update for postgresql14

EPSS

Процентиль: 40%
0.00181
Низкий

3.7 Low

CVSS3

Уязвимость CVE-2022-41862