8.8

CVE-2026-6473

Medienbericht

PostgreSQL server undersizes allocations, via integer wraparound

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version < 14.23
PostgresqlPostgresql Version >= 15.0 < 15.18
PostgresqlPostgresql Version >= 16.0 < 16.14
PostgresqlPostgresql Version >= 17.0 < 17.10
PostgresqlPostgresql Version >= 18.0 < 18.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.472
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.05.2026 14:45
https://www.postgresql.org/support/security/CVE-2026-6473/
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:22878
https://access.redhat.com/errata/RHSA-2026:26181
https://access.redhat.com/errata/RHSA-2026:26203
https://access.redhat.com/errata/RHSA-2026:26204
https://access.redhat.com/errata/RHSA-2026:26524
https://access.redhat.com/errata/RHSA-2026:26525
https://access.redhat.com/errata/RHSA-2026:26561
https://access.redhat.com/errata/RHSA-2026:27718
https://access.redhat.com/errata/RHSA-2026:27738
https://access.redhat.com/errata/RHSA-2026:27741
https://access.redhat.com/errata/RHSA-2026:27742
https://access.redhat.com/errata/RHSA-2026:27743
https://access.redhat.com/errata/RHSA-2026:28037
https://access.redhat.com/errata/RHSA-2026:28143
https://access.redhat.com/errata/RHSA-2026:28999
https://access.redhat.com/errata/RHSA-2026:29212
https://access.redhat.com/errata/RHSA-2026:29815
https://access.redhat.com/errata/RHSA-2026:29904
https://access.redhat.com/errata/RHSA-2026:29953
https://access.redhat.com/errata/RHSA-2026:32983
https://access.redhat.com/errata/RHSA-2026:32994
https://access.redhat.com/security/cve/CVE-2026-6473
https://bugzilla.redhat.com/show_bug.cgi?id=2477448
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6473.json
https://access.redhat.com/errata/RHSA-2026:33441
https://access.redhat.com/errata/RHSA-2026:33497
https://access.redhat.com/errata/RHSA-2026:34043
https://access.redhat.com/errata/RHSA-2026:34362
https://access.redhat.com/errata/RHSA-2026:34363
https://access.redhat.com/errata/RHSA-2026:35880