BIT-postgresql-2026-6473

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2026-6473.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2026-6473
Aliases
  • CVE-2026-6473
Published
2026-05-18T05:52:58.988Z
Modified
2026-07-07T02:00:04.609178720Z
Summary
PostgreSQL server undersizes allocations, via integer wraparound
Details

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Database specific
{
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.23.0
Introduced
15.0.0
Fixed
15.18.0
Introduced
16.0.0
Fixed
16.14.0
Introduced
17.0.0
Fixed
17.10.0
Introduced
18.0.0
Fixed
18.4.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2026-6473.json"