VYPR
High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Jun 3, 2026

CVE-2026-32286

CVE-2026-32286

Description

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/jackc/pgproto3/v2Go
>= 2.0.0, <= 2.3.3

Affected products

39

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.