18 matches found
github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...
github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...
CVE-2026-32286
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
CVE-2026-32286 Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
SUSE CVE-2026-4427
Duplicate of CVE-2026-32286...
GHSA-X6GF-MPR2-68H6 Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
CVE-2026-4427
Rejected reason: Duplicate of CVE-2026-32286...
CVE-2026-4427
...
CVE-2026-4427
Summary of CVE-2026-4427 : The vulnerability is in the pgproto3 data-path used for PostgreSQL wire protocol parsing. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, triggering an input-validation failure that causes a slice-bounds panic and le...
CVE-2026-4427
...
CVE-2026-4427
Duplicate of CVE-2026-32286...
CVE-2026-4427
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...
Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
GHSA-JQCQ-XJH3-6G23 Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
Improper Input Validation
Overview github.com/jackc/pgproto3/v2 is an encoder and decoder of the PostgreSQL wire protocol version 3. Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability ...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...
PT-2026-26292
Name of the Vulnerable Software and Affected Versions pgproto3 affected versions not specified Description A flaw exists in pgproto3 where a malicious or compromised PostgreSQL server can send a DataRow message containing a negative field length. This input validation issue can cause a denial of...