24 matches found
github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...
github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...
OPENSUSE-SU-2026:20752-1 Security update for alloy
This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...
ROOT-APP-GOBINARY-CVE-2026-32286 CVE-2026-32286 in rootio-github.com/jackc/pgproto3/v2 - Patched by Root
Root has patched CVE-2026-32286 in the rootio-github.com/jackc/pgproto3/v2 package for Root:Go. Multiple fixed versions available...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427
Summary IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4427 DESCRIPTION: Rejected...
Improper Validation of Array Index
Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...
Incorrect Comparison
Overview Affected versions of this package are vulnerable to Incorrect Comparison in the FunctionCall.Decode function. An attacker can cause a crash on 64-bit machine by sending a null argument in a FunctionCall response from PostgreSQL server since the intermediate int32 cast is absent in Decode...
CVE-2026-32286 Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
SUSE CVE-2026-4427
Duplicate of CVE-2026-32286...
GHSA-X6GF-MPR2-68H6 Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
EUVD-2026-13115
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...
CVE-2026-4427
Rejected reason: Duplicate of CVE-2026-32286...
UBUNTU-CVE-2026-4427
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...
CVE-2026-4427
...
CVE-2026-4427
Summary of CVE-2026-4427 : The vulnerability is in the pgproto3 data-path used for PostgreSQL wire protocol parsing. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, triggering an input-validation failure that causes a slice-bounds panic and le...
CVE-2026-4427
Duplicate of CVE-2026-32286...
CVE-2026-4427
...
CVE-2026-4427
Removed by vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-4427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This inpu...