github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...

github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out ...

EUVD-2026-25374

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

CVE-2026-32952

CVE-2026-32952 affects the Go package go-ntlmssp. Before version 0.1.1, a malformed NTLM challenge message can trigger a slice-out-of-bounds panic in ntlmssp.Negotiator when used as an HTTP transport, potentially crashing the Go process. The issue is fixed in version 0.1.1. Affected components ar...

GHSA-PJCQ-XVWQ-HHPJ go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

GHSA-VG76-XMHG-J5X3 Incus vulnerable to denial of source through crafted bucket backup file

Summary A specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any runnin...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

CVE-2026-32286 relates to the Go PostgreSQL wire protocol parser (DataRow.Decode) failing to validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic in the affected code path. The issue...

CVE-2026-32286 Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

UBUNTU-CVE-2026-4427

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...

CVE-2026-4427

...

PT-2026-28437

Name of the Vulnerable Software and Affected Versions versions prior to 2026-32286 Description The DataRow.Decode function does not correctly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, resulting in a slice bounds o...

PT-2026-26292

Name of the Vulnerable Software and Affected Versions pgproto3 affected versions not specified Description A flaw exists in pgproto3 where a malicious or compromised PostgreSQL server can send a DataRow message containing a negative field length. This input validation issue can cause a denial of...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

In x/text in Go before v0.3.5 a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

SUSE CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...