BIT-postgresql-2026-2003

Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2026-2003.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2026-2003
Aliases
Published
2026-02-16T16:03:27.354Z
Modified
2026-02-16T17:11:18.933194Z
Summary
PostgreSQL oidvector discloses a few bytes of memory
Details

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Database specific
{
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.21.0
Introduced
15.0.0
Fixed
15.16.0
Introduced
16.0.0
Fixed
16.12.0
Introduced
17.0.0
Fixed
17.8.0
Introduced
18.0.0
Fixed
18.2.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2026-2003.json"