Description
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Details
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| postgresql-10 | — | — |
| postgresql-12 | — | — |
| postgresql-14 | — | 14.22-0ubuntu0.22.04.1 |
| postgresql-16 | — | 16.13-0ubuntu0.24.04.1 |
| postgresql-17 | — | 17.9-0ubuntu0.25.10.1 |
| postgresql-18 | — | — |
| postgresql-9.3 | — | — |
| postgresql-9.5 | — | — |
References
Similar Threats
- Unknown CLSA-2026-1779880647
- Unknown CLSA-2025-1742471100
- Unknown UBUNTU-CVE-2024-10976
- Unknown UBUNTU-CVE-2024-10977
- Unknown UBUNTU-CVE-2024-10978
Exploit Protection
Help block exploit attempts
BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.
Try BotEraser Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.