Описание
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-126: Buffer Over-read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Memory access boundaries are enforced through secure coding practices, including bounds checking and automated detection of over-read conditions during development. Static analysis and peer reviews catch improper memory handling early, reducing the risk of vulnerabilities reaching production. Memory protection mechanisms restrict access to allocated regions at runtime, and process isolation contains memory faults within the affected workload. Additionally, a defense-in-depth monitoring strategy supports real-time detection of anomalous memory activity, enabling rapid response and limiting potential impact.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libpq | Fix deferred | ||
| Red Hat Enterprise Linux 10 | postgresql16 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libpq | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:13/postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:15/postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:16/postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libpq | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Buffer over-read in PostgreSQL GB18030 encoding validation allows a da ...
EPSS
5.9 Medium
CVSS3