vulnerability
Oracle Linux: CVE-2025-12818: ELSA-2026-0458: libpq security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Nov 13, 2025 | Jan 15, 2026 | Jan 19, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Nov 13, 2025
Added
Jan 15, 2026
Modified
Jan 19, 2026
Description
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.
A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.
Solutions
oracle-linux-upgrade-libpqoracle-linux-upgrade-libpq-develoracle-linux-upgrade-pgauditoracle-linux-upgrade-pg-repackoracle-linux-upgrade-pgvectororacle-linux-upgrade-postgisoracle-linux-upgrade-postgis-clientoracle-linux-upgrade-postgis-docsoracle-linux-upgrade-postgis-upgradeoracle-linux-upgrade-postgis-utilsoracle-linux-upgrade-postgres-decoderbufsoracle-linux-upgrade-postgresqloracle-linux-upgrade-postgresql-contriboracle-linux-upgrade-postgresql-docsoracle-linux-upgrade-postgresql-plperloracle-linux-upgrade-postgresql-plpython3oracle-linux-upgrade-postgresql-pltcloracle-linux-upgrade-postgresql-private-develoracle-linux-upgrade-postgresql-private-libsoracle-linux-upgrade-postgresql-serveroracle-linux-upgrade-postgresql-server-develoracle-linux-upgrade-postgresql-staticoracle-linux-upgrade-postgresql-testoracle-linux-upgrade-postgresql-test-rpm-macrosoracle-linux-upgrade-postgresql-upgradeoracle-linux-upgrade-postgresql-upgrade-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.