FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.

Affected packages
postgresql15-client < 15.2
postgresql14-client < 14.7
postgresql13-client < 13.10
postgresql12-client < 12.14


VuXML ID 7a8b6170-a889-11ed-bbae-6cc21735f730
Discovery 2023-02-09
Entry 2023-02-09

PostgreSQL Project reports:

A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to over-read and report an error message containing uninitialized bytes from and following its receive buffer. If libpq's caller somehow makes that message accessible to the attacker, this achieves a disclosure of the over-read bytes. We have not confirmed or ruled out viability of attacks that arrange for a crash or for presence of notable, confidential information in disclosed bytes.


CVE Name CVE-2022-41862