Description
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
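To make the failure mode concrete, the following Go program is an added example written for this page; it is not pgproto3's own implementation and does not reproduce its fix. It assembles DataRow message bodies with constructed field lengths and decodes them twice: once with a decoder that only special-cases -1 (SQL NULL), which is the unchecked pattern the description refers to, and once with a decoder that validates every length against the bytes remaining in the body. The wire layout (int16 field count, then per field an int32 length followed by that many bytes) is the PostgreSQL DataRow format; the names field, buildDataRowBody, decodeDataRowUnchecked, decodeDataRow and panicsOnDecode are this example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// field is one column of a constructed DataRow body. length is the wire length
// the (possibly hostile) server claims; -1 encodes SQL NULL and data is ignored.
type field struct {
	length int32
	data   []byte
}

// buildDataRowBody assembles a DataRow body (the bytes after the 'D' type byte
// and the int32 message length): int16 field count, then per field an int32
// length and the field bytes. Used here only to construct sample input.
func buildDataRowBody(fields []field) []byte {
	buf := make([]byte, 2)
	binary.BigEndian.PutUint16(buf, uint16(len(fields)))
	for _, f := range fields {
		var lenBuf [4]byte
		binary.BigEndian.PutUint32(lenBuf[:], uint32(f.length))
		buf = append(buf, lenBuf[:]...)
		buf = append(buf, f.data...)
	}
	return buf
}

// DataRow holds decoded column values; a nil entry means SQL NULL.
type DataRow struct {
	Values [][]byte
}

// decodeDataRowUnchecked shows the vulnerable pattern: only -1 is treated
// specially, so any other negative length makes the slice's upper bound smaller
// than its lower bound and the runtime panics with "slice bounds out of range".
// A length larger than the buffer's capacity panics the same way.
func decodeDataRowUnchecked(src []byte) (*DataRow, error) {
	if len(src) < 2 {
		return nil, errors.New("DataRow: body shorter than field count")
	}
	rp := 2
	row := &DataRow{Values: make([][]byte, int(binary.BigEndian.Uint16(src)))}
	for i := range row.Values {
		if len(src)-rp < 4 {
			return nil, errors.New("DataRow: body shorter than field length")
		}
		msgSize := int(int32(binary.BigEndian.Uint32(src[rp:])))
		rp += 4
		if msgSize == -1 {
			row.Values[i] = nil // SQL NULL
			continue
		}
		// Missing checks: msgSize may be negative (other than -1) or exceed the
		// remaining bytes; either way src[rp : rp+msgSize] panics.
		row.Values[i] = src[rp : rp+msgSize]
		rp += msgSize
	}
	return row, nil
}

// decodeDataRow is the hardened form: each length is validated before it is
// used as a slice bound, so a hostile server gets an error, not a crash.
func decodeDataRow(src []byte) (*DataRow, error) {
	if len(src) < 2 {
		return nil, errors.New("DataRow: body shorter than field count")
	}
	rp := 2
	row := &DataRow{Values: make([][]byte, int(binary.BigEndian.Uint16(src)))}
	for i := range row.Values {
		if len(src)-rp < 4 {
			return nil, errors.New("DataRow: body shorter than field length")
		}
		msgSize := int(int32(binary.BigEndian.Uint32(src[rp:])))
		rp += 4
		switch {
		case msgSize == -1:
			row.Values[i] = nil // SQL NULL
			continue
		case msgSize < 0:
			return nil, fmt.Errorf("DataRow: field %d has invalid negative length %d", i, msgSize)
		case msgSize > len(src)-rp:
			return nil, fmt.Errorf("DataRow: field %d length %d exceeds remaining %d bytes", i, msgSize, len(src)-rp)
		}
		row.Values[i] = src[rp : rp+msgSize]
		rp += msgSize
	}
	return row, nil
}

// panicsOnDecode feeds src to the unchecked decoder and reports whether the
// runtime panicked, i.e. whether this body would have taken the process down.
func panicsOnDecode(src []byte) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	_, _ = decodeDataRowUnchecked(src)
	return false
}

func main() {
	// Constructed benign row: one text column "hello" and one NULL.
	benign := buildDataRowBody([]field{{length: 5, data: []byte("hello")}, {length: -1}})
	row, err := decodeDataRow(benign)
	fmt.Printf("benign: %q null=%v err=%v\n", row.Values[0], row.Values[1] == nil, err)

	// Constructed hostile row: the server claims a field length of -2.
	hostile := buildDataRowBody([]field{{length: -2}})
	fmt.Println("unchecked decoder panics on length -2:", panicsOnDecode(hostile))
	_, err = decodeDataRow(hostile)
	fmt.Println("hardened decoder:", err)
}
```

The hardened decoder rejects both a negative length other than -1 and a positive length that overruns the body; in a client library that second check matters just as much, since an oversize length that happens to fall within the backing array's capacity would otherwise silently return bytes past the end of the message instead of panicking.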
Statement
The PostgreSQL server that multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To exploit the vulnerability in this context, an attacker would need to either compromise the operator-deployed PostgreSQL server so that it sends a crafted DataRow message, or already hold the privileges required to modify the operator-provisioned deployment or to configure globalhub-manager to use a compromised or malicious "BYO Postgres" server. The first scenario (compromising a legitimate PostgreSQL server) changes Attack Complexity from Low to High, resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate). The other scenarios (manipulating the operator-provisioned deployment or configuring globalhub-manager to use a malicious server) keep AC:L but require privileged access, which changes Privileges Required from None to High, resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate). Based on the above, the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.
Mitigation
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.
Affected Packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Affected | | |
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Affected | | |
Additional information
CVSS3 base score: 7.5 (High)