FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Affected packages
postgresql17-client < 17.5
postgresql16-client < 16.9
postgresql15-client < 15.13
postgresql14-client < 14.18
postgresql13-client < 13.21
postgresql17-server < 17.5
postgresql16-server < 16.9
postgresql15-server < 15.13
postgresql14-server < 14.18
postgresql13-server < 13.21

Details

VuXML ID 78b8e808-2c45-11f0-9a65-6cc21735f730
Discovery 2025-05-08
Entry 2025-05-08

PostgreSQL project reports:

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

[source]

References

CVE Name CVE-2025-4207
URL https://www.postgresql.org/support/security/CVE-2025-4207/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.