7.5

CVE-2026-32286

Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JackcPgproto3 SwPlatformgo Version >= 2.0.0 <= 2.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.387
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/golang/vulndb/issues/4518
Issue Tracking
https://github.com/jackc/pgx/issues/2507
Issue Tracking
https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postgresql-wire-protocol-parsers-pgproto3-pgx
Third Party Advisory
Mitigation
https://pkg.go.dev/vuln/GO-2026-4518
Patch
Third Party Advisory
https://github.com/advisories/GHSA-jqcq-xjh3-6g23
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:22465
https://access.redhat.com/errata/RHSA-2026:24853
https://access.redhat.com/errata/RHSA-2026:22450
https://access.redhat.com/errata/RHSA-2026:22714
https://access.redhat.com/errata/RHSA-2026:11856
https://access.redhat.com/errata/RHSA-2026:11916
https://access.redhat.com/errata/RHSA-2026:11070
https://access.redhat.com/errata/RHSA-2026:11217
https://access.redhat.com/errata/RHSA-2026:11996
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:22423
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/security/cve/CVE-2026-32286
https://bugzilla.redhat.com/show_bug.cgi?id=2451847
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32286.json