4.3
CVE-2026-6575
- EPSS 0.21%
- Veröffentlicht 14.05.2026 13:00:14
- Zuletzt bearbeitet 18.05.2026 15:04:50
- Quelle f86ef6dc-4d3a-42ad-8f28-e6d554
- CVE-Watchlists
- Unerledigt
PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 18.0 < 18.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-126 Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
https://www.postgresql.org/support/security/CVE-2026-6575/