CVE-2026-3172

Опубликовано: 25 фев. 2026

Источник: redhat

CVSS3: 6.8

EPSS Низкий

Описание

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Отчет

A buffer overflow during parallel HNSW index builds can be exploited by a database user, potentially leading to information disclosure from other database relations or a denial of service by crashing the database server, although the high impact on availability and confidentiality Red Hat Product Security team has rated this as having a moderate severity. This happens because, besides the low privileges required, to successfully exploit this flaw the attack needs to win a race condition among several worker threads which may be a task considered of a high complexity.

Затронутые пакеты

Платформа	Пакет	Состояние
OpenShift Lightspeed	openshift-lightspeed/lightspeed-ocp-rag-rhel9	Fix deferred
Red Hat Enterprise Linux 10	postgresql16-pgvector	Under investigation
Red Hat Enterprise Linux 10	postgresql18-pgvector	Under investigation
Red Hat Enterprise Linux 9	postgresql:16/pgvector	Under investigation
Red Hat Trusted Profile Analyzer	rhtpa/rhtpa-trustification-service-rhel9	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=2443037pgvector: pgvector: Information disclosure or denial of service via buffer overflow in parallel HNSW index build

EPSS

Процентиль: 14%

0.00047

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2026-3172

CVSS3: 8.1

ubuntu

15 дней назад

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

CVE-2026-3172

CVSS3: 8.1

nvd

15 дней назад

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

CVE-2026-3172

CVSS3: 8.1

debian

15 дней назад

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through ...

GHSA-789c-mgqf-5hwx

CVSS3: 8.1

github

15 дней назад

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

EPSS

Процентиль: 14%

0.00047

Низкий

6.8 Medium

CVSS3