Описание
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.
Отчет
This issue is rated Moderate severity by Red Hat Product Security, even though it carries a High CVSS v3.1 score. The flaw resides in the libpq client library and can be triggered when a client receives specially crafted PostgreSQL protocol data that causes an integer wraparound and an out-of-bounds write. The attack complexity is Low because the malformed protocol message is processed immediately during connection, with no timing or environmental conditions required. However, the impact is limited to a denial of service of the client application only. As a result, Red Hat classifies the overall product impact as Moderate, reflecting that the flaw can interrupt client availability.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Not affected | ||
| Red Hat Enterprise Linux 10 | postgresql16 | Fixed | RHSA-2026:0525 | 13.01.2026 |
| Red Hat Enterprise Linux 10 | libpq | Fixed | RHSA-2026:0594 | 14.01.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | postgresql16 | Fixed | RHSA-2026:0456 | 12.01.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | libpq | Fixed | RHSA-2026:0865 | 20.01.2026 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2026:0519 | 13.01.2026 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2026:0523 | 13.01.2026 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2026:0524 | 13.01.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
PostgreSQL libpq undersizes allocations, via integer wraparound
Integer wraparound in multiple PostgreSQL libpq client library functio ...
EPSS
7.5 High
CVSS3