In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 12.0 (including) | 12.14 (excluding) |
Postgresql | Postgresql | 13.0 (including) | 13.10 (excluding) |
Postgresql | Postgresql | 14.0 (including) | 14.7 (excluding) |
Postgresql | Postgresql | 15.0 (including) | 15.2 (excluding) |