Bug 955658 (CVE-2025-4207) - <dev-db/postgresql-{13.21:13,14.18:14,15.13:15,16.9:16,17.5:17}: Denial of Service
Status: CONFIRMED
Alias: CVE-2025-4207
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.postgresql.org/support/se...
Whiteboard: B3 [stable]
Keywords:
Depends on: 955659
Blocks:
Reported: 2025-05-09 05:34 UTC by Patrick Lauer
Modified: 2025-06-10 07:18 UTC

See Also:
Package list:
Runtime testing required: ---


Description Patrick Lauer gentoo-dev 2025-05-09 05:34:28 UTC
A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.