CVE-2025-4207

Опубликовано: 08 мая 2025

Источник: redhat

CVSS3: 5.9

Описание

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	libpq	Fix deferred
Red Hat Enterprise Linux 6	postgresql	Out of support scope
Red Hat Enterprise Linux 7	postgresql	Fix deferred
Red Hat Enterprise Linux 8	libpq	Fix deferred
Red Hat Enterprise Linux 8	postgresql:12/postgresql	Fix deferred
Red Hat Enterprise Linux 9	libpq	Fix deferred
Red Hat Enterprise Linux 9	postgresql	Fix deferred
Red Hat Enterprise Linux 10	postgresql16	Fixed	RHSA-2025:14826	28.08.2025
Red Hat Enterprise Linux 8	postgresql	Fixed	RHSA-2025:14899	28.08.2025
Red Hat Enterprise Linux 8	postgresql	Fixed	RHSA-2025:15021	02.09.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-126

https://bugzilla.redhat.com/show_bug.cgi?id=2365111postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

5.9 Medium

CVSS3