Описание
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | released | 14.22-0ubuntu0.22.04.1 |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | released | 16.13-0ubuntu0.24.04.1 |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | DNE | |
| questing | released | 17.9-0ubuntu0.25.10.1 |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 18.3-1 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | not-affected | 18.3-1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | deferred | 2019-08-23 |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/xenial | needs-triage | |
| esm-infra/xenial | ignored | end of ESM support, was needs-triage |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | ignored | end of life |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text ma ...
EPSS
8.8 High
CVSS3