CVE-2022-41862
03.03.2023, 16:15
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.Enginsight
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 12.0 ≤ 𝑥 < 12.14 |
| postgresql | postgresql | 13.0 ≤ 𝑥 < 13.10 |
| postgresql | postgresql | 14.0 ≤ 𝑥 < 14.7 |
| postgresql | postgresql | 15.0 ≤ 𝑥 < 15.2 |
| redhat | integration_camel_k | - |
| redhat | integration_camel_quarkus | - |
| redhat | integration_service_registry | - |
| redhat | enterprise_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-10 |
| ||||||||||||
| postgresql-12 |
| ||||||||||||
| postgresql-14 |
| ||||||||||||
| postgresql-9.1 |
| ||||||||||||
| postgresql-9.3 |
| ||||||||||||
| postgresql-9.5 |
|
Common Weakness Enumeration
References