PostgreSQL has a memory leak vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL project.

The affected versions of this project have a memory leak vulnerability, meaning here a disclosure of memory contents.
A remote attacker who controls the PostgreSQL server can send an unterminated string while Kerberos transport encryption is being established, causing the libpq client to over-read the data beyond the receive buffer, including uninitialized bytes.
These uninitialized bytes are then returned to the server together with the error message, which may eventually disclose sensitive information.
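The over-read described above, reduced to a stand-alone C illustration that is added here and is not libpq's source: formatting a receive buffer as a C string pulls in whatever follows the received bytes, while a length-bounded format does not. The buffer size, function names, peer message and `#` filler byte are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#define RECV_BUF_SIZE 64   /* hypothetical size, not libpq's */
#define STALE_BYTE    '#'  /* constructed stand-in for leftover memory */

/* Simulated receive: msglen bytes land over leftovers, with no NUL. */
static void recv_unterminated(char *buf, const char *msg, size_t msglen)
{
    memset(buf, STALE_BYTE, RECV_BUF_SIZE - 1);
    buf[RECV_BUF_SIZE - 1] = '\0';  /* keeps this demo well-defined */
    memcpy(buf, msg, msglen);
}

/* Vulnerable pattern: %s reads until a NUL, past the received bytes. */
static void report_unsafe(const char *buf, char *out, size_t outsz)
{
    snprintf(out, outsz, "server error: %s", buf);
}

/* Hardened pattern: the read is bounded by the received length. */
static void report_safe(const char *buf, size_t received, char *out, size_t outsz)
{
    snprintf(out, outsz, "server error: %.*s", (int) received, buf);
}

/* Number of stale bytes that ended up in the outgoing report. */
static size_t stale_bytes_in(const char *out)
{
    size_t n = 0;
    for (; *out; out++)
        n += (*out == STALE_BYTE);
    return n;
}

/* Runs one pattern on the constructed input; returns leaked byte count. */
static size_t leaked(int use_safe)
{
    static const char msg[] = "auth failed";  /* constructed peer message */
    char buf[RECV_BUF_SIZE], out[128];
    recv_unterminated(buf, msg, sizeof msg - 1);  /* sent without its NUL */
    if (use_safe) report_safe(buf, sizeof msg - 1, out, sizeof out);
    else          report_unsafe(buf, out, sizeof out);
    return stale_bytes_in(out);
}

int main(void)
{
    printf("unsafe: %zu stale bytes, safe: %zu\n", leaked(0), leaked(1));
    return 0;
}
```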
- Vulnerability name: PostgreSQL has a memory leak vulnerability
- Discovery time: 2023-03-04
- MPS number: MPS-2022-58489
- CVE number: CVE-2022-41862
Affected versions
postgresql@[12.0, 12.14)
postgresql@[15.0, 15.2)
postgresql-13@ affects all versions
postgresql-15@(-∞, 15.2-1)
postgresql@[13.0, 13.10)
postgresql@(-∞, 11.19)
postgresql@[14.0, 14.7)
Remediation
Upgrade postgresql to 11.19, 12.14, 13.10, 14.7, 15.2 or later
Upgrade the component postgresql-15 to version 15.2-1 or later
What’s PostgreSQL?
PostgreSQL is designed to handle a wide range of workloads, from small applications to large-scale data warehousing and web services. It provides advanced features such as support for complex data types, full-text search, and geospatial data, and has a strong reputation for data integrity, reliability, and robustness.
One of the key advantages of PostgreSQL is its extensibility. It has a large and active community of developers who contribute to a vast array of extensions and plug-ins, allowing users to customize the database to meet their specific needs. Additionally, PostgreSQL is compatible with a wide range of programming languages, including Java, Python, Ruby, and C++.
Overall, PostgreSQL is a powerful and flexible database management system that is well-suited for a wide range of applications, from small projects to large-scale enterprise solutions.
Reference links
https://nvd.nist.gov/vuln/detail/CVE-2022-41862
https://bugzilla.redhat.com/show_bug.cgi?id=2165722
https://www.postgresql.org/support/security/CVE-2022-41862/