CVE-2024-32655

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32655

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32655.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32655

Aliases

GHSA-x9vc-6hfv-hg8c

Related

UBUNTU-CVE-2024-32655

Published

2024-05-14T15:36:51Z

Modified

2024-10-08T04:11:26.582917Z

Summary

[none]

Details

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3.

References

Affected packages

Git / github.com/npgsql/npgsql

Affected ranges

Type: GIT
Repo: https://github.com/npgsql/npgsql
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

091655eed0c84e502ab424950c930339d17c1928

Fixed

3183efb2bdcca159c8c2e22af57e18ea8f853cf0

Fixed

67acbe027e28477ac2199e15cfb554bb2ffaf169

Fixed

703d9af8fa48dfe8c0180e36edb8278f34342d7b

Fixed

a22a42d8141d7a3528f43c02c095a409507cf1af

Fixed

e34e2ba8042e666d9af54a1b255fba4d5b11df56

Fixed

f7e7ead0702d776a8f551f5786c4cac2d65c4bc6

Affected versions

v2.*

v2.0.12.0

v2.0.13-beta1

v3.*

v3.0.0

v3.0.0-beta.1

v3.0.0-rc1

v3.0.0-rc2

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.1.0

v3.1.0-alpha1

v3.1.0-alpha6

v3.1.0-beta1

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.4.1

v3.2.5

v3.2.6

v3.2.7

v4.*

v4.0.0

v4.0.0-preview2

v4.0.0-rc1

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.2

v4.0.4

v4.0.4.1

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.3.1

v4.1.4

v4.1.5

v4.1.6

v5.*

v5.0.0

v5.0.0-preview1

v5.0.1

v5.0.10

v5.0.11

v5.0.12

v5.0.13

v5.0.14

v5.0.15

v5.0.17

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.7

v6.*

v6.0.0

v6.0.0-preview3

v6.0.0-preview4

v6.0.0-preview5

v6.0.0-preview6

v6.0.0-preview7

v6.0.0-rc.1

v6.0.0-rc.2

v6.0.1

v6.0.10

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v7.*

v7.0.0

v7.0.0-preview.1

v7.0.0-preview.2

v7.0.0-preview.3

v7.0.0-preview.4

v7.0.0-preview.5

v7.0.0-preview.6

v7.0.0-preview.7

v7.0.0-rc.1

v7.0.0-rc.2

v7.0.1

v7.0.2

v7.0.4

v7.0.6

v8.*

v8.0.0

v8.0.0-preview.1

v8.0.0-preview.2

v8.0.0-preview.3

v8.0.0-preview.4

v8.0.0-rc.2

v8.0.1

v8.0.2