PostgreSQL Buffer Over-Read Vulnerability in GB18030 Encoding Validation Allowing Denial-of-Service

Vulnerability

A buffer over-read vulnerability has been identified in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to cause a temporary denial-of-service condition on platforms where a one-byte over-read can lead to process termination. The vulnerability affects the PostgreSQL database server and libpq, with versions prior to PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 being vulnerable.
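The defensive pattern behind the fix is a bounds check that runs before any continuation byte is read. As an added illustration (not PostgreSQL's own code), the C function below verifies GB18030 byte sequences against an explicit buffer length: a lead byte that sits at the very end of the input is reported as invalid rather than being followed by a read one byte past the buffer. The function names, the return convention and the sample inputs are constructed for this example; the byte ranges are those defined by the GB18030 encoding.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Verify a buffer as GB18030. Returns the number of leading bytes that form
 * complete, well-formed GB18030 characters; this equals len when the whole
 * buffer is valid. Every read of a continuation byte is preceded by a
 * check that the byte actually lies inside [s, s + len), so a truncated
 * multi-byte sequence at the end of the input never causes an over-read.
 *
 * GB18030 structure (as used here):
 *   1 byte : 0x00..0x7F
 *   2 bytes: lead 0x81..0xFE, trail 0x40..0x7E or 0x80..0xFE
 *   4 bytes: lead 0x81..0xFE, 0x30..0x39, 0x81..0xFE, 0x30..0x39
 */
size_t gb18030_verify(const unsigned char *s, size_t len)
{
    size_t i = 0;

    while (i < len) {
        unsigned char c = s[i];

        if (c < 0x80) {             /* single-byte (ASCII) character */
            i += 1;
            continue;
        }
        if (c == 0x80 || c == 0xFF) /* never a valid lead byte */
            return i;

        /* Lead byte 0x81..0xFE: at least one more byte is required.
           Check the remaining length BEFORE touching s[i + 1]. */
        if (len - i < 2)
            return i;               /* truncated two-/four-byte sequence */

        unsigned char c2 = s[i + 1];
        if ((c2 >= 0x40 && c2 <= 0x7E) || (c2 >= 0x80 && c2 <= 0xFE)) {
            i += 2;                 /* well-formed two-byte character */
            continue;
        }
        if (c2 >= 0x30 && c2 <= 0x39) {
            /* Second byte announces a four-byte sequence; again check the
               remaining length before reading bytes three and four. */
            if (len - i < 4)
                return i;           /* truncated four-byte sequence */
            unsigned char c3 = s[i + 2], c4 = s[i + 3];
            if (c3 >= 0x81 && c3 <= 0xFE && c4 >= 0x30 && c4 <= 0x39) {
                i += 4;
                continue;
            }
        }
        return i;                   /* invalid trail byte */
    }
    return i;
}

/* Convenience wrapper: 1 if the entire buffer is valid GB18030, else 0. */
int gb18030_is_valid(const unsigned char *s, size_t len)
{
    return gb18030_verify(s, len) == len;
}

int main(void)
{
    /* Constructed inputs for the demonstration. */
    const unsigned char ok2[]   = { 'a', 0xB0, 0xA1 };        /* "a" + one 2-byte char */
    const unsigned char ok4[]   = { 0x81, 0x30, 0x81, 0x30 };  /* one 4-byte char */
    const unsigned char trunc2[] = { 'a', 'b', 0xB0 };         /* lead byte at end of buffer */
    const unsigned char trunc4[] = { 0x81, 0x30, 0x81 };       /* 4-byte sequence cut short */

    printf("ok2    valid=%d consumed=%zu\n", gb18030_is_valid(ok2, sizeof ok2), gb18030_verify(ok2, sizeof ok2));
    printf("ok4    valid=%d consumed=%zu\n", gb18030_is_valid(ok4, sizeof ok4), gb18030_verify(ok4, sizeof ok4));
    printf("trunc2 valid=%d consumed=%zu\n", gb18030_is_valid(trunc2, sizeof trunc2), gb18030_verify(trunc2, sizeof trunc2));
    printf("trunc4 valid=%d consumed=%zu\n", gb18030_is_valid(trunc4, sizeof trunc4), gb18030_verify(trunc4, sizeof trunc4));
    return 0;
}
```

The two `len - i < N` tests are the whole point: a verifier that reads `s[i + 1]` on the strength of the lead byte alone walks exactly one byte past a buffer that ends in a lead byte, which is the class of over-read the advisory describes. Passing an explicit length (rather than relying on a terminating NUL) keeps the check meaningful for binary input.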

Impact

Exploitation of this vulnerability can lead to a process crash, causing a temporary denial-of-service condition.

Remediation

Users can upgrade to PostgreSQL versions 17.5, 16.9, 15.13, 14.18, or 13.21 to address this vulnerability.

Added: Jun 5, 2025, 11:36 PM
Updated: Jun 6, 2025, 12:10 AM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.