VDB
DEBIAN-CVE-2025-12818
DEBIAN-CVE-2025-12818
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | postgresql-13 | 13.9-0+deb11u1, *, 13.3-1 |
| Debian:13 | postgresql-17 | 17.6-1, 17.6-0, 17.5-1 |
| Debian:12 | postgresql-15 | 15.5-0, 15.10-0+deb12u1, 15.11-0+deb12u1 |
| Debian:14 | postgresql-18 | *, *, 18~rc1-3 |
Timeline
- Nov 13, 2025 CVE Published
- Apr 28, 2026 CVE Updated