CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
SQL Injection
Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...
PT-2024-3776 · Npgsql · Npgsql
Name of the Vulnerable Software and Affected Versions:
Npgsql versions prior to 4.0.14
Npgsql versions prior to 4.1.13
Npgsql versions prior to 5.0.18
Npgsql versions prior to 6.0.11
Npgsql versions prior to 7.0.7
Npgsql versions prior to 8.0.3
Description: The WriteBind method in...