December 9, 2023

PBX Science

VoIP & PBX, Networking, DIY, Computers.

PostgreSQL has a memory leak vulnerability


PostgreSQL is a free, open-source object-relational database management system maintained by the PostgreSQL project.

 


 

Affected versions of PostgreSQL contain a memory disclosure ("memory leak") vulnerability in the libpq client library.

A remote attacker who controls the PostgreSQL server can send an unterminated string while Kerberos transport encryption is being established, causing the libpq client to over-read past the end of its receive buffer and pick up uninitialized bytes.

These uninitialized bytes are then sent back to the server together with the error message, which may result in the disclosure of sensitive information.
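The bug class described above, as an added illustration that is not libpq's code or its patch: a peer-supplied message is treated as a C string although the peer never sent a terminator, next to a variant bounded by the number of bytes actually received. The struct, function names and the '#' marker standing in for uninitialized memory are assumptions made for this example, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>

#define RECV_BUF 64
#define STALE    '#'   /* constructed marker standing in for leftover memory */

/* Hypothetical receive buffer: only the first `len` bytes came from the peer. */
struct recv_buf { char data[RECV_BUF]; size_t len; };

/* Constructed sample: stale bytes already sit in the buffer, then the peer's
 * message is copied in WITHOUT a terminating NUL. */
static void fill_sample(struct recv_buf *rb, const char *msg)
{
    memset(rb->data, 0, sizeof rb->data);
    memset(rb->data, STALE, 40);     /* data[40..] stays 0: demo stays in bounds */
    rb->len = strlen(msg);
    memcpy(rb->data, msg, rb->len);  /* no '\0' copied */
}

/* Flawed: trusts the peer to have NUL-terminated its string. */
static void report_unbounded(const struct recv_buf *rb, char *out, size_t n)
{
    snprintf(out, n, "server error: %s", rb->data);
}

/* Hardened: never reads past the bytes actually received. */
static void report_bounded(const struct recv_buf *rb, char *out, size_t n)
{
    snprintf(out, n, "server error: %.*s", (int)rb->len, rb->data);
}

/* Count stale marker bytes that end up in the report sent back to the peer. */
static int stale_bytes_in_report(int bounded)
{
    struct recv_buf rb;
    char out[128];
    int count = 0;
    fill_sample(&rb, "GSSAPI failure");
    if (bounded) report_bounded(&rb, out, sizeof out);
    else         report_unbounded(&rb, out, sizeof out);
    for (const char *p = out; *p; p++)
        count += (*p == STALE);
    return count;
}

int main(void)
{
    printf("stale bytes echoed: unbounded=%d bounded=%d\n",
           stale_bytes_in_report(0), stale_bytes_in_report(1));
    return 0;
}
```

In a real client the bytes after the received data are whatever the process last left there, and nothing guarantees a NUL inside the buffer, so the unbounded read can run past the allocation entirely.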

 

Vulnerability name: PostgreSQL has a memory leak vulnerability

  • Discovery time:   2023-03-04
  • MPS number:      MPS-2022-58489
  • CVE number:       CVE-2022-41862

 


Affected versions


postgresql@[12.0, 12.14)

postgresql@[15.0, 15.2)

postgresql-13@ affects all versions

postgresql-15@(-∞, 15.2-1)

postgresql@[13.0, 13.10)

postgresql@(-∞, 11.19)

postgresql@[14.0, 14.7)

 

Remediation

Upgrade postgresql to 11.19, 12.14, 13.10, 14.7, 15.2 or later.

Upgrade the component postgresql-15 to version 15.2-1 or later.

 


What’s PostgreSQL?

 
PostgreSQL is a powerful open-source relational database management system (RDBMS) that is widely used for enterprise-class applications. It was originally developed at the University of California, Berkeley, in the 1980s and has since become one of the most popular and reliable database management systems available today.
 

PostgreSQL is designed to handle a wide range of workloads, from small applications to large-scale data warehousing and web services. It provides advanced features such as support for complex data types, full-text search, and geospatial data, and has a strong reputation for data integrity, reliability, and robustness.

 

One of the key advantages of PostgreSQL is its extensibility. It has a large and active community of developers who contribute to a vast array of extensions and plug-ins, allowing users to customize the database to meet their specific needs. Additionally, PostgreSQL is compatible with a wide range of programming languages, including Java, Python, Ruby, and C++.

 

Overall, PostgreSQL is a powerful and flexible database management system that is well-suited for a wide range of applications, from small projects to large-scale enterprise solutions.

 

 

 

 

 

 

Reference links
https://nvd.nist.gov/vuln/detail/CVE-2022-41862

https://bugzilla.redhat.com/show_bug.cgi?id=2165722

https://www.postgresql.org/support/security/CVE-2022-41862/
