Description
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Affected | | |
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel9 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Affected | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Affected | | |
References
Additional information
Status: Important
Weakness: CWE-129
https://bugzilla.redhat.com/show_bug.cgi?id=2448626
github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
github
21 days ago
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
7.5 High
CVSS3