ALPINE-CVE-2026-2003

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2026-2003

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-2003

Upstream

CVE-2026-2003

Published

2026-02-12T14:16:02.067Z

Modified

2026-02-15T20:14:33.997627Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

https://security.alpinelinux.org/vuln/CVE-2026-2003

Affected packages

Alpine:v3.20

postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.16-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.3-r1

15.4-r0

15.4-r1

15.4-r2

15.5-r0

15.6-r0

15.6-r1

15.6-r2

15.7-r0

15.8-r0

15.9-r0

15.10-r0

15.11-r0

15.13-r0

15.14-r0

15.15-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.12-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.4-r0

16.5-r0

16.6-r0

16.8-r0

16.9-r0

16.10-r0

16.11-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

Alpine:v3.21

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.12-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.3-r1

16.4-r0

16.4-r1

16.5-r0

16.6-r0

16.8-r0

16.9-r0

16.10-r0

16.11-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.8-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

17.4-r0

17.5-r0

17.6-r0

17.7-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

Alpine:v3.22

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.12-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.3-r1

16.4-r0

16.4-r1

16.5-r0

16.6-r0

16.8-r0

16.8-r1

16.8-r2

16.8-r3

16.8-r4

16.9-r0

16.10-r0

16.11-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.8-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

17.4-r0

17.4-r1

17.4-r2

17.4-r3

17.4-r4

17.5-r0

17.6-r0

17.7-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

Alpine:v3.23

postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.8-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

17.4-r0

17.4-r1

17.4-r2

17.4-r3

17.4-r4

17.5-r0

17.5-r1

17.5-r2

17.5-r3

17.6-r0

17.6-r1

17.7-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"

postgresql18

Package

Name: postgresql18
Purl: pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.2-r0

Affected versions

18.*

18.0-r0

18.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2003.json"