RockyLinux 10 : osbuild-composer (RLSA-2026:22450)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22450 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...

GHSA-JQCQ-XJH3-6G23 Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

GO-2026-4518 Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...