Description
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
A flaw was found in pgvector. A buffer overflow in the parallel Hierarchical Navigable Small World (HNSW) index build process can be exploited by a database user. This can lead to the disclosure of sensitive data from other database relations or cause the database server to crash, resulting in a denial of service.
Report
A buffer overflow during parallel HNSW index builds can be exploited by a database user, potentially leading to information disclosure from other database relations or a denial of service by crashing the database server. Despite the high impact on availability and confidentiality, the Red Hat Product Security team has rated this as having moderate severity. This is because, besides requiring only low privileges, successful exploitation requires the attacker to win a race condition among several worker threads, which may be considered a task of high complexity.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-ocp-rag-rhel9 | Fix deferred | | |
| Red Hat Enterprise Linux 10 | postgresql16-pgvector | Under investigation | | |
| Red Hat Enterprise Linux 10 | postgresql18-pgvector | Under investigation | | |
| Red Hat Enterprise Linux 9 | postgresql:16/pgvector | Under investigation | | |
| Red Hat Trusted Profile Analyzer | rhtpa/rhtpa-trustification-service-rhel9 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 6.8 Medium