In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2165722 | Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230427-0002/ | |
https://www.postgresql.org/support/security/CVE-2022-41862/ | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2165722 | Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230427-0002/ | |
https://www.postgresql.org/support/security/CVE-2022-41862/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 07:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2165722 - Issue Tracking, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20230427-0002/ - | |
References | () https://www.postgresql.org/support/security/CVE-2022-41862/ - Vendor Advisory |
Information
Published : 2023-03-03 16:15
Updated : 2024-11-21 07:23
NVD link : CVE-2022-41862
Mitre link : CVE-2022-41862
CVE.ORG link : CVE-2022-41862
JSON object : View
Products Affected
postgresql
- postgresql
redhat
- enterprise_linux
- integration_service_registry
- integration_camel_k
- integration_camel_quarkus
fedoraproject
- fedora
CWE