PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

PT-2026-40922

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...