RockyLinux 10 : osbuild-composer (RLSA-2026:22450)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22450 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...

SUSE CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

Linux Distros Unpatched Vulnerability : CVE-2026-32286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

UBUNTU-CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

CVE-2026-32286 relates to the Go PostgreSQL wire protocol parser (DataRow.Decode) failing to validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic in the affected code path. The issue...

EUVD-2026-16347

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

SUSE CVE-2026-4427

Duplicate of CVE-2026-32286...

EUVD-2026-13115

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...

CVE-2026-4427

Rejected reason: Duplicate of CVE-2026-32286...

CVE-2026-4427

...

CVE-2026-4427

Duplicate of CVE-2026-32286...

CVE-2026-4427

...

CVE-2026-4427

Summary of CVE-2026-4427 : The vulnerability is in the pgproto3 data-path used for PostgreSQL wire protocol parsing. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, triggering an input-validation failure that causes a slice-bounds panic and le...

CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

Linux Distros Unpatched Vulnerability : CVE-2026-4427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This inpu...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...