8.8
CVE-2026-6477
- EPSS 0.04%
- Veröffentlicht 14.05.2026 13:00:12
- Zuletzt bearbeitet 14.05.2026 16:21:23
- Quelle f86ef6dc-4d3a-42ad-8f28-e6d554
- CVE-Watchlists
- Unerledigt
PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
PostgreSQL
Default Statusunaffected
Version
18
Version <
18.4
Status
affected
Version
17
Version <
17.10
Status
affected
Version
16
Version <
16.14
Status
affected
Version
15
Version <
15.18
Status
affected
Version
0
Version <
14.23
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.124 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-242 Use of Inherently Dangerous Function
The product calls a function that can never be guaranteed to work safely.