PostgreSQL has a memory leak vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL project.
Affected versions of the project have a memory leak vulnerability.
A remote attacker who controls the PostgreSQL server can send an unterminated string while Kerberos transport encryption is being established, causing the libpq client to over-read past the data in its receive buffer, including uninitialized bytes.
These uninitialized bytes are then returned to the server together with the error message, which may eventually lead to the disclosure of sensitive information.
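The over-read described above, reduced to a minimal C illustration of the bug class next to a length-bounded fix. This is an added example, not libpq's code: `RECV_SIZE`, the function names and the `STALE-TOKEN` leftover data are hypothetical and constructed so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define RECV_SIZE 16   /* hypothetical receive-buffer capacity */

/* Store the peer's bytes exactly as sent; no terminator is appended. */
static size_t recv_from_peer(char *mem, const char *wire, size_t n)
{
    if (n > RECV_SIZE)
        n = RECV_SIZE;
    memcpy(mem, wire, n);
    return n;
}

/* Flawed pattern: "%s" keeps reading until it meets a NUL byte. */
static void report_unsafe(const char *mem, char *out, size_t outsz)
{
    snprintf(out, outsz, "server error: %s", mem);
}

/* Hardened pattern: read only the bytes that were actually received. */
static void report_safe(const char *mem, size_t got, char *out, size_t outsz)
{
    snprintf(out, outsz, "server error: %.*s", (int)got, mem);
}

/* Returns 1 if the error report ends up containing the leftover bytes. */
static int leaks_stale(int use_safe)
{
    /* One array models client memory: the first RECV_SIZE bytes are the
     * receive buffer, the rest holds constructed leftover data. */
    char mem[48] = {0}, out[128], wire[RECV_SIZE];

    strcpy(mem + RECV_SIZE, "STALE-TOKEN");
    memset(wire, 'E', sizeof wire);          /* fills the buffer, no NUL */
    size_t got = recv_from_peer(mem, wire, sizeof wire);
    if (use_safe)
        report_safe(mem, got, out, sizeof out);
    else
        report_unsafe(mem, out, sizeof out);
    return strstr(out, "STALE-TOKEN") != NULL;
}

int main(void)
{
    printf("unsafe leaks: %d\n", leaks_stale(0));
    printf("safe leaks:   %d\n", leaks_stale(1));
    return 0;
}
```

The same review question applies to any client code that formats peer-supplied bytes as a string: the length that was received, not a terminator the peer may omit, has to bound the read.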
- Vulnerability name: PostgreSQL has a memory leak vulnerability
- Discovery time: 2023-03-04
- MPS number: MPS-2022-58489
- CVE number: CVE-2022-41862
Affected versions
- postgresql@[12.0, 12.14)
- postgresql@[15.0, 15.2)
- postgresql-13: all versions
- postgresql-15@(-∞, 15.2-1)
- postgresql@[13.0, 13.10)
- postgresql@(-∞, 11.19)
- postgresql@[14.0, 14.7)
Remediation
- Upgrade postgresql to 11.19, 12.14, 13.10, 14.7, 15.2 or later
- Upgrade the component postgresql-15 to version 15.2-1 or later
What’s PostgreSQL?
PostgreSQL is designed to handle a wide range of workloads, from small applications to large-scale data warehousing and web services. It provides advanced features such as support for complex data types, full-text search, and geospatial data, and has a strong reputation for data integrity, reliability, and robustness.
One of the key advantages of PostgreSQL is its extensibility. It has a large and active community of developers who contribute to a vast array of extensions and plug-ins, allowing users to customize the database to meet their specific needs. Additionally, PostgreSQL is compatible with a wide range of programming languages, including Java, Python, Ruby, and C++.
Overall, PostgreSQL is a powerful and flexible database management system that is well-suited for a wide range of applications, from small projects to large-scale enterprise solutions.
Reference links
https://nvd.nist.gov/vuln/detail/CVE-2022-41862
https://bugzilla.redhat.com/show_bug.cgi?id=2165722
https://www.postgresql.org/support/security/CVE-2022-41862/