BIT-postgresql-2025-12818

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2025-12818.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2025-12818
Aliases
  • CVE-2025-12818
Published
2025-11-21T08:47:38.070Z
Modified
2025-11-21T09:27:44.222098Z
Summary
PostgreSQL libpq undersizes allocations, via integer wraparound
Details

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.23.0
Introduced
14.0.0
Fixed
14.20.0
Introduced
15.0.0
Fixed
15.15.0
Introduced
16.0.0
Fixed
16.11.0
Introduced
17.0.0
Fixed
17.7.0
Introduced
18.0.0
Fixed
18.1.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2025-12818.json"