In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2165722 | Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230427-0002/ | |
https://www.postgresql.org/support/security/CVE-2022-41862/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2023-03-03 16:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-41862
Mitre link : CVE-2022-41862
CVE.ORG link : CVE-2022-41862
JSON object : View
Products Affected
redhat
- integration_camel_k
- enterprise_linux
- integration_service_registry
- integration_camel_quarkus
fedoraproject
- fedora
postgresql
- postgresql
CWE