BIT-postgresql-2022-41862

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2022-41862.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2022-41862
Aliases
Published
2024-03-06T11:03:45.894Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
12.0.0
Fixed
12.14.0
Introduced
13.0.0
Fixed
13.10.0
Introduced
14.0.0
Fixed
14.7.0
Introduced
15.0.0
Fixed
15.2.0