Go PostgreSQL Library Slice Bounds Vulnerability in DataRow.Decode Function
Vulnerability
A vulnerability exists in the DataRow.Decode function of the Go PostgreSQL library, affecting versions from 2.0.0 up to but not including 2.3.3. The function does not properly validate field lengths, so a malicious or compromised PostgreSQL server can send a DataRow message containing a negative field length, which triggers a slice bounds out of range panic. The result is a denial-of-service condition: the application crashes.
Impact
Exploitation of this vulnerability causes a runtime panic due to a slice bounds out of range error, which crashes the application.
Reproduction
To reproduce this vulnerability, connect to a PostgreSQL server that sends a DataRow message with a negative field length (represented on the wire as a uint32 in the range 0x80000000 to 0xFFFFFFFE; the value 0xFFFFFFFF, i.e. -1, is excluded because the protocol uses it to mark a NULL field). The DataRow.Decode function will panic with a slice bounds out of range error, causing the application to crash.
Remediation
Users can upgrade to version 2.3.3 or later, where this vulnerability has been fixed.
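As an added illustration (this is not the library's own code), the following Go snippet mirrors the flaw at the level of the DataRow wire format and shows the checks a fixed decoder needs. It assumes the body layout of a DataRow message (int16 field count, then an int32 length and that many bytes per field, with -1 marking NULL); the function names, error strings and the constructed message are my own.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Constructed DataRow body: one field whose int32 length is 0x80000000 (negative).
var maliciousDataRow = []byte{0x00, 0x01, 0x80, 0x00, 0x00, 0x00}

// decodeUnchecked has the flaw described above: the signed length goes straight
// into a slice expression, so l < 0 gives rp+l < rp and Go panics.
func decodeUnchecked(src []byte) [][]byte {
	vals, rp := make([][]byte, int(binary.BigEndian.Uint16(src))), 2
	for i := range vals {
		l := int(int32(binary.BigEndian.Uint32(src[rp:])))
		rp += 4
		if l != -1 { // -1 is the NULL marker, which carries no bytes
			vals[i] = src[rp : rp+l] // slice bounds out of range when l < 0
			rp += l
		}
	}
	return vals
}

// decodeChecked rejects negative (non-NULL) and oversized lengths with an error.
func decodeChecked(src []byte) ([][]byte, error) {
	if len(src) < 2 {
		return nil, fmt.Errorf("datarow: truncated field count")
	}
	vals, rp := make([][]byte, int(binary.BigEndian.Uint16(src))), 2
	for i := range vals {
		if len(src)-rp < 4 {
			return nil, fmt.Errorf("datarow: field %d: truncated length", i)
		}
		l := int(int32(binary.BigEndian.Uint32(src[rp:])))
		rp += 4
		if l == -1 { // NULL
			continue
		}
		if l < 0 || l > len(src)-rp {
			return nil, fmt.Errorf("datarow: field %d: invalid length %d", i, l)
		}
		vals[i] = src[rp : rp+l : rp+l] // cap the slice at its own field
		rp += l
	}
	return vals, nil
}

func main() { fmt.Println(decodeChecked(maliciousDataRow)) }
```

Feeding the constructed message to decodeUnchecked panics the process, while decodeChecked returns an error the caller can turn into a closed connection.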