https://www.postgresql.org/support/security/CVE-2025-12818/ reports:
- Integer wraparound in multiple PostgreSQL libpq client
library functions allows an application input provider or
network peer to cause libpq to undersize an allocation and
write out-of-bounds by hundreds of megabytes. This results
in a segmentation fault for the application using libpq.
- Missing authorization in PostgreSQL CREATE STATISTICS
command allows a table owner to achieve denial of service
against other CREATE STATISTICS users by creating in any
schema. A later CREATE STATISTICS for the same name, from a
user having the CREATE privilege, would then fail.
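
The bug class named in the first item (a size computation that wraps, so the allocation is smaller than the data later written into it), shown as an added example that is not libpq code or the PostgreSQL fix. The function names and the `2 * len + 3` escape-buffer formula are assumptions chosen for illustration, and 32-bit arithmetic is used so the wraparound is identical on every platform.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical worst-case sizing for an escaping routine: every input byte
 * may double, plus two quote characters and a terminating NUL. */
static uint32_t unchecked_size(uint32_t len)
{
    return len * 2u + 3u;            /* wraps modulo 2^32 for large len */
}

/* Hardened form: reject the length before the arithmetic can wrap. */
static bool checked_size(uint32_t len, uint32_t *out)
{
    if (len > (UINT32_MAX - 3u) / 2u)
        return false;
    *out = len * 2u + 3u;
    return true;
}

/* Allocate the escape buffer only when its size is representable. */
static char *alloc_escape_buffer(uint32_t len)
{
    uint32_t need;

    if (!checked_size(len, &need))
        return NULL;                 /* caller reports "input too large" */
    return malloc(need);
}

int main(void)
{
    uint32_t len = 0x80000000u;      /* constructed input length (2 GiB) */
    uint32_t need;

    /* Unchecked: a 3-byte buffer would be requested for 2 GiB of input. */
    printf("unchecked: len=%u -> alloc %u bytes\n",
           (unsigned) len, (unsigned) unchecked_size(len));

    if (!checked_size(len, &need))
        printf("checked:   len=%u rejected before allocation\n",
               (unsigned) len);
    return 0;
}
```
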