CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.  This affects the database server and also libpq.  Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
PostgreSQLCNA
5.9 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Debian logo
Debian Releases
Debian Product
Codename
postgresql-13
bullseye
vulnerable
bullseye (security)
13.23-0+deb11u1
fixed
postgresql-15
bookworm
15.15-0+deb12u1
fixed
bookworm (security)
vulnerable
postgresql-17
trixie
17.7-0+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-17
questing
not-affected
plucky
Fixed 17.5-0ubuntu0.25.04.1
released
oracular
dne
noble
dne
jammy
dne
focal
dne
postgresql-16
questing
dne
plucky
dne
oracular
Fixed 16.9-0ubuntu0.24.10.1
released
noble
Fixed 16.9-0ubuntu0.24.04.1
released
jammy
dne
focal
dne
postgresql-14
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 14.18-0ubuntu0.22.04.1
released
focal
dne
postgresql-12
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 12.22-0ubuntu0.20.04.4
released
postgresql-10
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
postgresql-9.5
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
needs-triage
postgresql-9.3
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
deferred
Common Weakness Enumeration
References
https://www.postgresql.org/support/security/CVE-2025-4207/
http://www.openwall.com/lists/oss-security/2025/05/09/3
https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html