PostgreSQL libpq Integer Wraparound Vulnerability Leading to Out-of-Bounds Write and Segmentation Fault

Vulnerability

A vulnerability exists in multiple functions of the PostgreSQL libpq client library due to an integer wraparound issue. This flaw allows an application input provider or network peer to manipulate data in a way that causes libpq to allocate memory incorrectly, undersizing the allocation and leading to an out-of-bounds write of several hundred megabytes. The consequence of this vulnerability is a segmentation fault in the application using libpq. Affected versions include those prior to PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23.

Impact

Exploitation of this vulnerability causes a segmentation fault in the application using the libpq client library, leading to a crash of the application.

Added: Nov 13, 2025, 1:18 PM

Updated: Nov 13, 2025, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PostgreSQL libpq Integer Wraparound Vulnerability Leading to Out-of-Bounds Write and Segmentation Fault

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating