2 matches found
CVE-2024-27304
CVE-2024-27304 affects pgx, a PostgreSQL driver/toolkit for Go. The vulnerability enables SQL injection when an attacker can cause a single query or Bind message to exceed 4 GB due to an integer overflow in message size calculation, which can cause the large message to be split into multiple mess...
CVE-2026-32286
CVE-2026-32286 relates to the Go PostgreSQL wire protocol parser (DataRow.Decode) failing to validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic in the affected code path. The issue...