Updated: 2026-01-12 15:33:39.694246
Description:
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libpq | 13.5 | 7.5 | HIGH | Released | CLSA-2026:1768413370 | 2026-01-15 01:19:08 | |
| AlmaLinux 9.2 ESU | postgresql | 13.11 | 7.5 | HIGH | Released | | 2026-02-09 20:35:16 | |
| TuxCare 9.6 ESU | postgresql | 13.22 | 7.5 | HIGH | Released | CLSA-2026:1768910677 | 2026-01-20 17:34:27 | |
| TuxCare 9.6 ESU | libpq | 13.20 | 7.5 | HIGH | Released | CLSA-2026:1768565904 | 2026-01-16 16:04:54 | |