rpm package
suse/postgresql15&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6637 | Hig | 8.8 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary | |
| CVE-2026-6479 | Hig | 7.5 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions b | |
| CVE-2026-6478 | Med | 6.5 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may | |
| CVE-2026-6477 | Hig | 8.8 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., resu | |
| CVE-2026-6475 | Hig | 8.8 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implic | |
| CVE-2026-6474 | Med | 4.3 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | |
| CVE-2026-6473 | Hig | 8.8 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gi | |
| CVE-2026-6472 | Med | 5.4 | < 15.18-160000.1.1 | 15.18-160000.1.1 | May 14, 2026 | Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Version | |
| CVE-2026-2006 | — | < 15.16-160000.1.1 | 15.16-160000.1.1 | Feb 12, 2026 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL | ||
| CVE-2026-2005 | — | < 15.16-160000.1.1 | 15.16-160000.1.1 | Feb 12, 2026 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. | ||
| CVE-2026-2004 | — | < 15.16-160000.1.1 | 15.16-160000.1.1 | Feb 12, 2026 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. | ||
| CVE-2026-2003 | — | < 15.16-160000.1.1 | 15.16-160000.1.1 | Feb 12, 2026 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before Po | ||
| CVE-2025-12818 | Med | 5.9 | < 15.16-160000.1.1 | 15.16-160000.1.1 | Nov 13, 2025 | Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application usin | |
| CVE-2025-12817 | Low | 3.1 | < 15.16-160000.1.1 | 15.16-160000.1.1 | Nov 13, 2025 | Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. |
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions b
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., resu
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implic
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gi
- affected < 15.18-160000.1.1fixed 15.18-160000.1.1
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Version
- CVE-2026-2006Feb 12, 2026affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL
- CVE-2026-2005Feb 12, 2026affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
- CVE-2026-2004Feb 12, 2026affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
- CVE-2026-2003Feb 12, 2026affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before Po
- affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application usin
- affected < 15.16-160000.1.1fixed 15.16-160000.1.1
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail.