vulnerability

FreeBSD: VID-364e5fa4-c178-11f0-b614-b42e991fc52e (CVE-2025-12818): PostgreSQL -- Multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: Nov 14, 2025
Added: Dec 10, 2025
Modified: Dec 10, 2025

Description

https://www.postgresql.org/support/security/CVE-2025-12818/ reports:

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq.

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail.

Solutions

freebsd-upgrade-package-postgresql13-client
freebsd-upgrade-package-postgresql14-client
freebsd-upgrade-package-postgresql15-client
freebsd-upgrade-package-postgresql16-client
freebsd-upgrade-package-postgresql17-client
freebsd-upgrade-package-postgresql18-client