CVE Vulnerabilities

CVE-2026-6575

Buffer Over-read

Published: May 14, 2026 | Modified: May 18, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

Weakness

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Affected Software

NameVendorStart VersionEnd Version
PostgresqlPostgresql18.0 (including)18.4 (excluding)
Red Hat Hardened ImagesRedHatpostgresql17-main-17.10-0.1.hum1*
Red Hat Hardened ImagesRedHatpostgresql18-main-18.4-0.1.hum1*
Postgresql-10Ubuntuupstream*
Postgresql-12Ubuntuupstream*
Postgresql-14Ubuntujammy*
Postgresql-16Ubuntunoble*
Postgresql-17Ubuntuquesting*
Postgresql-18Ubuntudevel*
Postgresql-18Ubunturesolute*
Postgresql-9.3Ubuntuupstream*
Postgresql-9.5Ubuntuupstream*

References