QSearchQSearch

CVE-2026-6575

4.3 MEDIUM

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query plannin...

Published: 2026-05-14 · Last updated: 2026-05-18

Severity and scoring

CVSS
4.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-126

Affected products

VendorProduct
postgresqlpostgresql

Description

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-6638 SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION .. (3.7 LOW)
  • CVE-2026-6637 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating syste... (8.8 HIGH)
  • CVE-2026-6479 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve... (7.5 HIGH)
  • CVE-2026-6478 Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials su... (6.5 MEDIUM)
  • CVE-2026-6477 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tel... (8.8 HIGH)

Same CWE

  • CVE-2026-45460 Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally (4.7 MEDIUM)
  • CVE-2026-42828 Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally (7.8 HIGH)
  • CVE-2026-11787 A flaw was found in 389 Directory Server (5.0 MEDIUM)
  • CVE-2026-44185 Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects... (7.3 HIGH)
  • CVE-2026-45684 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (4.9 MEDIUM)