vulnerability
Red Hat: CVE-2025-12818: postgresql: libpq undersizes allocations, via integer wraparound (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Nov 13, 2025 | Dec 5, 2025 | Jan 21, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Nov 13, 2025
Added
Dec 5, 2025
Modified
Jan 21, 2026
Description
A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application segmentation fault or crash when using libpq to connect to a PostgreSQL server.
Solutions
redhat-upgrade-libpqredhat-upgrade-libpq-debuginforedhat-upgrade-libpq-debugsourceredhat-upgrade-libpq-develredhat-upgrade-libpq-devel-debuginforedhat-upgrade-pg_repackredhat-upgrade-pg_repack-debuginforedhat-upgrade-pg_repack-debugsourceredhat-upgrade-pgauditredhat-upgrade-pgaudit-debuginforedhat-upgrade-pgaudit-debugsourceredhat-upgrade-pgvectorredhat-upgrade-pgvector-debuginforedhat-upgrade-pgvector-debugsourceredhat-upgrade-postgisredhat-upgrade-postgis-clientredhat-upgrade-postgis-client-debuginforedhat-upgrade-postgis-debuginforedhat-upgrade-postgis-debugsourceredhat-upgrade-postgis-docsredhat-upgrade-postgis-upgraderedhat-upgrade-postgis-upgrade-debuginforedhat-upgrade-postgis-utilsredhat-upgrade-postgres-decoderbufsredhat-upgrade-postgres-decoderbufs-debuginforedhat-upgrade-postgres-decoderbufs-debugsourceredhat-upgrade-postgresqlredhat-upgrade-postgresql-contribredhat-upgrade-postgresql-contrib-debuginforedhat-upgrade-postgresql-debuginforedhat-upgrade-postgresql-debugsourceredhat-upgrade-postgresql-docsredhat-upgrade-postgresql-docs-debuginforedhat-upgrade-postgresql-plperlredhat-upgrade-postgresql-plperl-debuginforedhat-upgrade-postgresql-plpython3redhat-upgrade-postgresql-plpython3-debuginforedhat-upgrade-postgresql-pltclredhat-upgrade-postgresql-pltcl-debuginforedhat-upgrade-postgresql-private-develredhat-upgrade-postgresql-private-libsredhat-upgrade-postgresql-private-libs-debuginforedhat-upgrade-postgresql-serverredhat-upgrade-postgresql-server-debuginforedhat-upgrade-postgresql-server-develredhat-upgrade-postgresql-server-devel-debuginforedhat-upgrade-postgresql-staticredhat-upgrade-postgresql-testredhat-upgrade-postgresql-test-debuginforedhat-upgrade-postgresql-test-rpm-macrosredhat-upgrade-postgresql-upgraderedhat-upgrade-postgresql-upgrade-debuginforedhat-upgrade-postgresql-upgrade-develredhat-upgrade-postgresql-upgrade-devel-debuginforedhat-upgrade-postgresql16-debuginforedhat-upgrade-postgresql16-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.