CVE-2025-12818

Summary

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Affected Software

VendorProductVersion RangeStatus
n/aPostgreSQL18 < 18.1affected
n/aPostgreSQL17 < 17.7affected
n/aPostgreSQL16 < 16.11affected
n/aPostgreSQL15 < 15.15affected
n/aPostgreSQL14 < 14.20affected
n/aPostgreSQL0 < 13.23affected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References