Buffer Over-read

CVE-2025-4207

Medium

5.9/10

Summary

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-126 - Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References

Advisory Timeline

Published May 08, 2025

Buffer Over-read

CVE-2025-4207

Summary

CWE-126 - Buffer Over-read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS