Description
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
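The following Go program is an added illustration and is not code from the pgx project or from this advisory. It shows the two halves of the problem described above from the defender's side: first, what happens when a message size is computed in a 32-bit integer (the PostgreSQL wire protocol prefixes every message with a 32-bit length field), and second, the recommended workaround of rejecting parameters before they reach the driver. The per-parameter overhead in `bindMessageSize`, the 1 GiB cap in `maxMessageBytes`, and the function names are assumptions chosen for the example, not values taken from pgx.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// maxMessageBytes is a conservative application-level cap (assumption: 1 GiB).
// It sits far below the 4 GB boundary at which a 32-bit length field wraps.
const maxMessageBytes int64 = 1 << 30

// ErrMessageTooLarge is returned when parameters would produce an oversized message.
var ErrMessageTooLarge = errors.New("query parameters too large for a single protocol message")

// int32MessageLength deliberately narrows a 64-bit size to int32 to show the wrap:
// a payload of 4 GiB + 100 bytes gets a header that claims only 100 bytes, and the
// remaining bytes are then parsed by the server as further, separate messages.
func int32MessageLength(realSize int64) int32 {
	return int32(realSize)
}

// bindMessageSize estimates the size of a Bind message for the given parameters.
// Approximation (assumption): a 4-byte length header plus two NUL terminators for
// the portal and statement names, then a 4-byte length prefix per parameter plus
// the parameter bytes. Only string and []byte are treated as variable length.
func bindMessageSize(args ...any) int64 {
	var total int64 = 4 + 1 + 1
	for _, a := range args {
		total += 4
		switch v := a.(type) {
		case string:
			total += int64(len(v))
		case []byte:
			total += int64(len(v))
		default:
			total += 8 // fixed-width types (ints, floats, bools) are small
		}
	}
	return total
}

// exceedsLimit reports whether a computed message size is over the cap. It also
// flags any size that does not fit in int32, since such a header cannot be trusted.
func exceedsLimit(size int64) bool {
	return size > maxMessageBytes || size > math.MaxInt32
}

// checkParams is the workaround from the advisory: refuse user input whose
// encoded size could approach the 4 GB limit, before the driver ever sees it.
func checkParams(args ...any) error {
	if exceedsLimit(bindMessageSize(args...)) {
		return ErrMessageTooLarge
	}
	return nil
}

func main() {
	// Constructed example sizes; no multi-gigabyte buffers are allocated.
	oversized := int64(4)<<30 + 100
	fmt.Printf("real size %d bytes, int32 header would say %d\n",
		oversized, int32MessageLength(oversized))
	fmt.Println("small query check:", checkParams("SELECT 1", []byte("ok")))
	fmt.Println("oversized check:", exceedsLimit(oversized))
}
```

The cap is enforced on an estimate of the encoded message rather than on a single argument, because the overflow is a property of the whole message: many moderately sized parameters add up in the same way one huge one does.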
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Will not fix | | |
| Migration Toolkit for Applications 6 | mta/mta-windup-addon-rhel9 | Will not fix | | |
| Multicluster Engine for Kubernetes | multicluster-engine/agent-service-rhel8 | Not affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel8 | Not affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-reporter-rhel8 | Not affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-search-indexer-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-search-v2-api-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-central-db-rhel8 | Out of support scope | | |
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Out of support scope | | |
Additional information
Status:
CVSS3: 8.1 High
Related vulnerabilities
pgx SQL Injection via Protocol Message Size Overflow