VYPR

rpm package

almalinux/libpq

pkg:rpm/almalinux/libpq

Vulnerabilities (8)

  • CVE-2026-6478MedMay 14, 2026
    affected < 13.23-2.el8_10fixed 13.23-2.el8_10

    Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may

  • CVE-2026-6477HigMay 14, 2026
    affected < 13.23-2.el8_10fixed 13.23-2.el8_10

    Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., resu

  • CVE-2026-6475HigMay 14, 2026
    affected < 13.23-2.el8_10fixed 13.23-2.el8_10

    Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implic

  • CVE-2026-6473HigMay 14, 2026
    affected < 13.23-2.el8_10fixed 13.23-2.el8_10

    Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gi

  • CVE-2025-12818MedNov 13, 2025
    affected < 13.23-1.el9_7fixed 13.23-1.el9_7

    Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application usin

  • CVE-2025-1094HigFeb 13, 2025
    affected < 13.20-1.el8_10fixed 13.20-1.el8_10

    Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires t

  • CVE-2022-41862Mar 3, 2023
    affected < 13.11-1.el9fixed 13.11-1.el9

    In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

  • CVE-2021-23222Mar 2, 2022
    affected < 13.5-1.el8fixed 13.5-1.el8

    A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.