Go modules package
github.com/jackc/pgproto3/v2
pkg:golang/github.com/jackc/pgproto3/v2
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32286 | Hig | 7.5 | >= 2.0.0, <= 2.3.3 | — | Mar 26, 2026 | The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic. |
- affected >= 2.0.0, <= 2.3.3
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.