[oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Alan Coopersmith Fri, 09 May 2025 08:51:18 -0700

https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
announces the release of PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21, all
of which include a fix for:


CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end
 of allocation for text that fails validation

CVSS v3.1 Base Score: 5.9

Supported, Vulnerable Versions: 13 - 17.

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database
input provider to achieve temporary denial of service on platforms where a
1-byte over-read can elicit process termination.

This affects the database server and also libpq.

Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

--
        -Alan Coopersmith-                 alan.coopersm...@oracle.com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

[oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Reply via email to