Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.

Summary postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42198. Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...

OESA-2026-2501 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

OESA-2026-2446 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

Astra Linux - уязвимость в libpgjava

pgjdbc is the official PostgreSQL JDBC Driver. A security flaw was discovered in the JDBC driver for the postgresql database during security research. Systems that use the postgresql library will be vulnerable when an attacker controls the JDBC URL or connection properties. pgjdbc creates plugin...

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

A flaw was found in pgx, a PostgreSQL driver and toolkit for Go. This SQL injection vulnerability can occur when using the non-default simple protocol, a dollar-quoted string literal in the SQL query, and when that string literal contains text interpreted as a placeholder with an...

DoS (Denial of Service) at postgresql dependency in Crucible Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

UBUNTU-CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

Astra Linux - уязвимость в php8.1

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, and 8.5. before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting...

Allocation of Resources Without Limits or Throttling

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the client-side SCRAM-SHA-256 authentication. An attacker can cause excessive CPU consumptio...

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

PT-2026-35952

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.2.0 through 42.7.10 Description A client-side denial of service occurs during SCRAM-SHA-256 authentication. A malicious server can force the driver to execute SCRAM authentication using an excessively large iteration count,...

SQL Injection

Overview github.com/jackc/pgx/v5 is a pure Go driver and toolkit for PostgreSQL Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted...

CVE-2026-33816

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

GHSA-XGRM-4FWX-7QM8 pgx contains memory-safety vulnerability

pgx is a pure Go driver and toolkit for PostgreSQL. pgx prior to v5.9.0 contains a memory-safety vulnerability...