Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via improper validation of the oidvector type. An attacker can access a few bytes of server memory by crafting specific database queries. Remediation Upgrade libpq to version 14.22, 15.17,...

RHEL 8 : libpq (RHSA-2026:0695)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0695 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql:...

OESA-2025-1568 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...