DEBIAN-CVE-2026-2003

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2026-2003
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2003.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-2003
Upstream
Downstream
Published
2026-02-12T14:16:02.067Z
Modified
2026-02-20T10:01:31.468554Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

Affected packages

Debian:11 / postgresql-13

Package

Name
postgresql-13
Purl
pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

13.*
13.3-1
13.4-0+deb11u1
13.4-1
13.4-2
13.4-3
13.5-0+deb11u1
13.7-0+deb11u1
13.8-0+deb11u1
13.9-0+deb11u1
13.10-0+deb11u1
13.11-0+deb11u1
13.12-0+deb11u1
13.13-0+deb11u1
13.14-0+deb11u1
13.15-0+deb11u1
13.16-0+deb11u1
13.17-0+deb11u1
13.18-0+deb11u1
13.19-0+deb11u1
13.20-0+deb11u1
13.21-0+deb11u1
13.22-0+deb11u1
13.23-0+deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2003.json"

Debian:12 / postgresql-15

Package

Name
postgresql-15
Purl
pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.16-0+deb12u1

Affected versions

15.*
15.3-0+deb12u1
15.3-1
15.4-0+deb12u1
15.4-1
15.4-2
15.4-3
15.5-0+deb12u1
15.6-0+deb12u1
15.7-0+deb12u1
15.8-0+deb12u1
15.9-0+deb12u1
15.10-0+deb12u1
15.11-0+deb12u1
15.12-0+deb12u1
15.12-0+deb12u2
15.13-0+deb12u1
15.14-0+deb12u1
15.15-0+deb12u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2003.json"

Debian:13 / postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/debian/postgresql-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.8-0+deb13u1

Affected versions

17.*
17.5-1
17.6-0+deb13u1
17.6-1
17.7-0+deb13u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2003.json"

Debian:14 / postgresql-18

Package

Name
postgresql-18
Purl
pkg:deb/debian/postgresql-18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.2-1

Affected versions

18~~devel.*
18~~devel.20250318+g4078da6c478-1
18~~devel.20250331-1
18~~devel.20250405-1
18~~devel.20250421-1
18~~devel.20250502-1
Other
18~beta1-1
18~beta1+20250612-1
18~beta1+20250624-1
18~beta1+20250701-1
18~beta2-1
18~beta3-1
18~rc1-1
18~rc1-2
18~rc1-3
18.*
18.0-1
18.1-1
18.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2003.json"