CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.  This affects the database server and also libpq.  Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
PostgreSQLCNA
5.9 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Debian logo
Debian Releases
Debian Product
Codename
postgresql-13
bullseye
vulnerable
bullseye (security)
13.21-0+deb11u1
fixed
postgresql-15
bookworm
15.13-0+deb12u1
fixed
bookworm (security)
vulnerable
postgresql-17
sid
17.5-1
fixed
trixie
17.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
postgresql-12
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 12.22-0ubuntu0.20.04.4
released
postgresql-14
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 14.18-0ubuntu0.22.04.1
released
focal
dne
postgresql-16
plucky
dne
oracular
Fixed 16.9-0ubuntu0.24.10.1
released
noble
Fixed 16.9-0ubuntu0.24.04.1
released
jammy
dne
focal
dne
postgresql-17
plucky
Fixed 17.5-0ubuntu0.25.04.1
released
oracular
dne
noble
dne
jammy
dne
focal
dne
postgresql-9.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
deferred
postgresql-9.5
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
needs-triage
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://www.postgresql.org/support/security/CVE-2025-4207/
http://www.openwall.com/lists/oss-security/2025/05/09/3
https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html