rpm package
almalinux/libpq
pkg:rpm/almalinux/libpq
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6478 | Med | 6.5 | < 13.23-2.el8_10 | 13.23-2.el8_10 | May 14, 2026 | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may | |
| CVE-2026-6477 | Hig | 8.8 | < 13.23-2.el8_10 | 13.23-2.el8_10 | May 14, 2026 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., resu | |
| CVE-2026-6475 | Hig | 8.8 | < 13.23-2.el8_10 | 13.23-2.el8_10 | May 14, 2026 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implic | |
| CVE-2026-6473 | Hig | 8.8 | < 13.23-2.el8_10 | 13.23-2.el8_10 | May 14, 2026 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gi | |
| CVE-2025-12818 | Med | 5.9 | < 13.23-1.el9_7 | 13.23-1.el9_7 | Nov 13, 2025 | Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application usin | |
| CVE-2025-1094 | Hig | 8.1 | < 13.20-1.el8_10 | 13.20-1.el8_10 | Feb 13, 2025 | Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires t | |
| CVE-2022-41862 | — | < 13.11-1.el9 | 13.11-1.el9 | Mar 3, 2023 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. | ||
| CVE-2021-23222 | — | < 13.5-1.el8 | 13.5-1.el8 | Mar 2, 2022 | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. |
- affected < 13.23-2.el8_10fixed 13.23-2.el8_10
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may
- affected < 13.23-2.el8_10fixed 13.23-2.el8_10
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., resu
- affected < 13.23-2.el8_10fixed 13.23-2.el8_10
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implic
- affected < 13.23-2.el8_10fixed 13.23-2.el8_10
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gi
- affected < 13.23-1.el9_7fixed 13.23-1.el9_7
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application usin
- affected < 13.20-1.el8_10fixed 13.20-1.el8_10
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires t
- CVE-2022-41862Mar 3, 2023affected < 13.11-1.el9fixed 13.11-1.el9
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
- CVE-2021-23222Mar 2, 2022affected < 13.5-1.el8fixed 13.5-1.el8
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.