ALPINE-CVE-2026-6575

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2026-6575
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6575.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-6575
Upstream
  • CVE-2026-6575
Published
2026-05-14T14:16:25.693Z
Modified
2026-06-15T18:18:11.296970179Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Buffer over-read in PostgreSQL function pgrestoreattribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

References

Affected packages

Alpine:v3.23 / postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.4-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6575.json"

Alpine:v3.24 / postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.4-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6575.json"