https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
announces the release of PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21, all
of which include a fix for:
CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end
of allocation for text that fails validation
CVSS v3.1 Base Score: 5.9
Supported, Vulnerable Versions: 13 - 17.
A buffer over-read in PostgreSQL GB18030 encoding validation allows a database
input provider to achieve temporary denial of service on platforms where a
1-byte over-read can elicit process termination.
This affects the database server and also libpq.
Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
