Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
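A bounds-checked GB18030 validator, as an added example of how to avoid this class of over-read; it is not PostgreSQL's code. In GB18030 the second byte decides whether a character is 2 or 4 bytes long, so a length routine that looks ahead without knowing how many bytes remain reads one byte past a buffer that ends on a lead byte. Assumptions: the function and macro names are hypothetical, and the validator is strict (0x80 and 0xFF are rejected as lead bytes, embedded NUL is not treated specially).

```c
#include <stddef.h>

/* Hypothetical error codes for this example. */
#define GB_INVALID   (-1)   /* bytes do not form a GB18030 character */
#define GB_TRUNCATED (-2)   /* input ends inside a multi-byte character */

static int in_range(unsigned char b, unsigned char lo, unsigned char hi)
{
    return b >= lo && b <= hi;
}

/*
 * Length (1, 2 or 4) of the GB18030 character at s, where only `remaining`
 * bytes are readable. No byte is read before its index has been checked.
 */
int gb18030_char_len(const unsigned char *s, size_t remaining)
{
    if (remaining == 0)
        return GB_TRUNCATED;
    if (s[0] < 0x80)
        return 1;                              /* single-byte (ASCII) */
    if (!in_range(s[0], 0x81, 0xFE))
        return GB_INVALID;
    if (remaining < 2)                         /* check before the lookahead */
        return GB_TRUNCATED;
    if (in_range(s[1], 0x40, 0x7E) || in_range(s[1], 0x80, 0xFE))
        return 2;
    if (!in_range(s[1], 0x30, 0x39))
        return GB_INVALID;
    if (remaining < 4)                         /* four-byte form needs s[2], s[3] */
        return GB_TRUNCATED;
    if (in_range(s[2], 0x81, 0xFE) && in_range(s[3], 0x30, 0x39))
        return 4;
    return GB_INVALID;
}

/* Returns 1 if buf[0..len) holds only complete, valid characters, else 0. */
int gb18030_validate(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        int n = gb18030_char_len(buf + i, len - i);
        if (n < 0)
            return 0;
        i += (size_t) n;
    }
    return 1;
}
```

Building the test inputs as exact-size arrays and running under AddressSanitizer or Valgrind confirms that the truncated cases are rejected without touching the byte after the buffer.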
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 10 | RedHat | postgresql16-0:16.10-1.el10_0 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:16-8100020250818110346.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:13-8100020250818110147.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:15-8100020250818110305.489197e6 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:16-9060020250817200213.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:15-9060020250817180313.rhel9 | * |
Postgresql-12 | Ubuntu | esm-infra/focal | * |
Postgresql-12 | Ubuntu | focal | * |
Postgresql-14 | Ubuntu | jammy | * |
Postgresql-16 | Ubuntu | noble | * |
Postgresql-16 | Ubuntu | oracular | * |
Postgresql-17 | Ubuntu | plucky | * |