postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

A heap based buffer overflow has been discovered in postgresql. This heap buffer overflow is in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...

ROS-20260429-73-0011

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

ROS-20260429-73-0012

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

SUSE-SU-2026:20921-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: - Update to version 18.3. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

OPENSUSE-SU-2026:20408-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: - Update to version 18.3. bsc1258754 - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector bsc1258008 - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data type...

Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.3 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...

Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to selectivity...

Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to selectivity...

SUSE-SU-2026:0584-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivity...

MGASA-2026-0041 Updated postgresql15 packages fix security vulnerabilities

PostgreSQL oidvector discloses a few bytes of memory. CVE-2026-2003 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. CVE-2026-2004 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. CVE-2026-2005 PostgreSQL missing validation...

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL oidvector discloses a few bytes of memory. CVE-2026-2003 PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. CVE-2026-2004 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. CVE-2026-2005 PostgreSQL missing validation...

SUSE CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

FreeBSD : PostgreSQL -- Multiple vulnerabilities (e3afc190-0821-11f1-a857-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e3afc190-0821-11f1-a857-6cc21735f730 advisory. The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a...

ALPINE-CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

UBUNTU-CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

CVE-2026-2007

CVE-2026-2007 affects PostgreSQL 18.0 and 18.1 due to a heap buffer overflow in the pg_trgm component, where crafted input strings can write patterns into server memory. The attacker’s control over the byte patterns is limited, and the document notes unknown impacts, with a potential for privileg...

CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...