Lucene search
GoogleOSV:GO-2024-2606HistoryMar 14, 2024 - 5:12 p.m.
SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx
2024-03-1417:12:43
Google
osv.dev
24
sql injection
integer overflow
message size
4gb+
software vulnerability
An integer overflow in the calculated message size of a query or bind message could allow a single large message to be sent as multiple messages under the attacker’s control. This could lead to SQL injection if an attacker can cause a single query or bind message to exceed 4 GB in size.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/jackc/pgx/v5 | ge | 5.0.0 | |
| github.com/jackc/pgx/v4 | lt | 4.18.2 | |
| github.com/jackc/pgproto3/v2 | lt | 2.3.3 | |
| github.com/jackc/pgx/v5 | lt | 5.5.4 |
References
github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
Related
cvelist
cvelist
CVE-2024-27304 pgx SQL Injection via Protocol Message Size Overflow
2024-03-06 19:07:08
github
github
pgx SQL Injection via Protocol Message Size Overflow
2024-03-04 20:43:24
prion
prion
Integer overflow
2024-03-06 19:15:00
cgr
cgr
CVE-2024-27304 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-27304 vulnerabilities
2024-05-27 15:49:55
osv
osv
pgproto3 SQL Injection via Protocol Message Size Overflow
2024-03-04 20:45:25
CVE-2024-27304
2024-03-06 19:15:08
pgx SQL Injection via Protocol Message Size Overflow
2024-03-04 20:43:24
redhatcve
redhatcve
CVE-2024-27304
2024-03-06 21:22:40
ubuntucve
ubuntucve
CVE-2024-27304
2024-03-06 00:00:00
cve
cve
CVE-2024-27304
2024-03-06 19:15:08
veracode
veracode
Sql Injection
2024-03-05 07:01:06
debiancve
debiancve
CVE-2024-27304
2024-03-06 19:15:08
cbl_mariner
cbl_mariner
CVE-2024-27304 affecting package telegraf for versions less than 1.28.5-5
2024-05-27 15:49:20
redhat
redhat
(RHSA-2024:1321) Moderate: ACS 4.3 enhancement and security update
2024-03-13 20:53:28
