Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-8294-1
Vulnerability from osv_ubuntu
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472)
It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473)
It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474)
It was discovered that PostgreSQL incorrectly followed symbolic links in pg_basebackup and pg_rewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475)
It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476)
It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477)
It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6478)
It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479)
It was discovered that PostgreSQL incorrectly handled array length mismatches in pg_restore_attribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575)
It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6637)
It was discovered that PostgreSQL had an SQL injection vulnerability in logical replication REFRESH PUBLICATION. An attacker could possibly use this issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-6472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6473",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6474",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6475",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6476",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6477",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6478",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6479",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6575",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6637",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6638",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-6472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6473",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6474",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6475",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6476",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6477",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6478",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6479",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6575",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6637",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6638",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-6472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6473",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6474",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6475",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6476",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6477",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6478",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6479",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6575",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6637",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6638",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-6472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6473",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6474",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6475",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6476",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6477",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6478",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6479",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6575",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6637",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6638",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "It was discovered that PostgreSQL did not correctly enforce authorization\nfor CREATE TYPE. An attacker could possibly use this issue to execute\narbitrary SQL functions. (CVE-2026-6472)\n\nIt was discovered that PostgreSQL incorrectly handled large user input in\nmultiple server features. An attacker could possibly use this issue to\ncause PostgreSQL to crash, resulting in a denial of service, or execute\narbitrary code. (CVE-2026-6473)\n\nIt was discovered that PostgreSQL incorrectly handled format strings in\nthe timeofday() function. An attacker could possibly use this issue to\nobtain sensitive information. (CVE-2026-6474)\n\nIt was discovered that PostgreSQL incorrectly followed symbolic links in\npg_basebackup and pg_rewind. An attacker could possibly use this issue to\noverwrite local files and execute arbitrary code. (CVE-2026-6475)\n\nIt was discovered that PostgreSQL had an SQL injection vulnerability in\npg_createsubscriber. An attacker could possibly use this issue to execute\narbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and\nUbuntu 26.04 LTS. (CVE-2026-6476)\n\nIt was discovered that PostgreSQL used an unsafe libpq function in large\nobject operations. An attacker could possibly use this issue to overwrite\nclient memory and execute arbitrary code. (CVE-2026-6477)\n\nIt was discovered that PostgreSQL did not compare MD5-hashed passwords in\nconstant time. An attacker could possibly use this issue to obtain\nsensitive information. (CVE-2026-6478)\n\nIt was discovered that PostgreSQL had uncontrolled recursion during SSL and\nGSS negotiation. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2026-6479)\n\nIt was discovered that PostgreSQL incorrectly handled array length\nmismatches in pg_restore_attribute_stats(). An attacker could possibly use\nthis issue to obtain sensitive information. This issue only affected Ubuntu\n26.04 LTS. (CVE-2026-6575)\n\nIt was discovered that PostgreSQL had a stack buffer overflow in the refint\nmodule. An attacker could use this issue to cause PostgreSQL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2026-6637)\n\nIt was discovered that PostgreSQL had an SQL injection vulnerability in\nlogical replication REFRESH PUBLICATION. An attacker could possibly use\nthis issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04\nLTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638)",
"id": "USN-8294-1",
"modified": "2026-06-30T15:55:19Z",
"published": "2026-05-21T20:39:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6472"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6473"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6474"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6475"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6476"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6477"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6478"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6479"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6575"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6637"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6638"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-6472",
"UBUNTU-CVE-2026-6473",
"UBUNTU-CVE-2026-6474",
"UBUNTU-CVE-2026-6475",
"UBUNTU-CVE-2026-6476",
"UBUNTU-CVE-2026-6477",
"UBUNTU-CVE-2026-6478",
"UBUNTU-CVE-2026-6479",
"UBUNTU-CVE-2026-6575",
"UBUNTU-CVE-2026-6637",
"UBUNTU-CVE-2026-6638"
]
}
ubuntu-cve-2026-6472
Vulnerability from osv_ubuntu
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker\u0027s choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6472",
"modified": "2026-05-21T23:03:34Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6472"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6472"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6472/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6472"
]
}
ubuntu-cve-2026-6473
Vulnerability from osv_ubuntu
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6473",
"modified": "2026-06-30T16:18:37Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6473"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6473"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6473/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6473"
]
}
ubuntu-cve-2026-6474
Vulnerability from osv_ubuntu
Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6474",
"modified": "2026-05-21T23:03:34Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6474"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6474"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6474/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6474"
]
}
ubuntu-cve-2026-6475
Vulnerability from osv_ubuntu
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6475",
"modified": "2026-05-21T23:03:34Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6475"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6475"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6475/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6475"
]
}
ubuntu-cve-2026-6476
Vulnerability from osv_ubuntu
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.",
"id": "UBUNTU-CVE-2026-6476",
"modified": "2026-05-21T23:03:34Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6476"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6476"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6476/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6476"
]
}
ubuntu-cve-2026-6477
Vulnerability from osv_ubuntu
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6477",
"modified": "2026-06-30T16:18:37Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6477"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6477"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6477/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6477"
]
}
ubuntu-cve-2026-6478
Vulnerability from osv_ubuntu
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6478",
"modified": "2026-06-30T16:18:37Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6478"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6478"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6478/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6478"
]
}
ubuntu-cve-2026-6479
Vulnerability from osv_ubuntu
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6479",
"modified": "2026-05-21T23:03:34Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6479"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6479"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6479/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6479"
]
}
ubuntu-cve-2026-6575
Vulnerability from osv_ubuntu
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.",
"id": "UBUNTU-CVE-2026-6575",
"modified": "2026-05-21T23:03:35Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6575"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6575"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6575/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6575"
]
}
ubuntu-cve-2026-6637
Vulnerability from osv_ubuntu
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libecpg6",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "libpq5",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-client-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-contrib-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-doc-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plperl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-plpython3-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-pltcl-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
},
{
"binary_name": "postgresql-server-dev-9.3",
"binary_version": "9.3.24-0ubuntu0.14.04+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "postgresql-9.3",
"purl": "pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.1-1",
"9.3.2-1",
"9.3.2-1ubuntu1",
"9.3.2-1ubuntu2",
"9.3.3-1",
"9.3.3-1bzr1",
"9.3.3-1bzr2",
"9.3.4-1",
"9.3.5-0ubuntu0.14.04.1",
"9.3.6-0ubuntu0.14.04",
"9.3.7-0ubuntu0.14.04",
"9.3.8-0ubuntu0.4.04",
"9.3.9-0ubuntu0.14.04",
"9.3.10-0ubuntu0.14.04",
"9.3.11-0ubuntu0.14.04",
"9.3.12-0ubuntu0.14.04",
"9.3.13-0ubuntu0.14.04",
"9.3.14-0ubuntu0.14.04",
"9.3.15-0ubuntu0.14.04",
"9.3.16-0ubuntu0.14.04",
"9.3.17-0ubuntu0.14.04",
"9.3.18-0ubuntu0.14.04.1",
"9.3.19-0ubuntu0.14.04",
"9.3.20-0ubuntu0.14.04",
"9.3.21-0ubuntu0.14.04",
"9.3.22-0ubuntu0.14.04",
"9.3.23-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04",
"9.3.24-0ubuntu0.14.04+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libecpg6",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpgtypes3",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "libpq5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-client-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-contrib-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-doc-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plperl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-plpython3-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-pltcl-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
},
{
"binary_name": "postgresql-server-dev-9.5",
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "postgresql-9.5",
"purl": "pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.5.0-1",
"9.5.0-2",
"9.5.0-3",
"9.5.1-1",
"9.5.2-1",
"9.5.3-0ubuntu0.16.04",
"9.5.4-0ubuntu0.16.04",
"9.5.5-0ubuntu0.16.04",
"9.5.6-0ubuntu0.16.04",
"9.5.7-0ubuntu0.16.04",
"9.5.8-0ubuntu0.16.04.1",
"9.5.9-0ubuntu0.16.04",
"9.5.10-0ubuntu0.16.04",
"9.5.11-0ubuntu0.16.04",
"9.5.12-0ubuntu0.16.04",
"9.5.13-0ubuntu0.16.04",
"9.5.14-0ubuntu0.16.04",
"9.5.16-0ubuntu0.16.04.1",
"9.5.17-0ubuntu0.16.04.1",
"9.5.18-0ubuntu0.16.04.1",
"9.5.19-0ubuntu0.16.04.1",
"9.5.21-0ubuntu0.16.04.1",
"9.5.23-0ubuntu0.16.04.1",
"9.5.24-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1",
"9.5.25-0ubuntu0.16.04.1+esm1",
"9.5.25-0ubuntu0.16.04.1+esm2",
"9.5.25-0ubuntu0.16.04.1+esm3",
"9.5.25-0ubuntu0.16.04.1+esm4",
"9.5.25-0ubuntu0.16.04.1+esm5",
"9.5.25-0ubuntu0.16.04.1+esm6",
"9.5.25-0ubuntu0.16.04.1+esm7",
"9.5.25-0ubuntu0.16.04.1+esm8",
"9.5.25-0ubuntu0.16.04.1+esm10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libecpg6",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpgtypes3",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "libpq5",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-client-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-doc-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plperl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-plpython3-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-pltcl-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
},
{
"binary_name": "postgresql-server-dev-10",
"binary_version": "10.23-0ubuntu0.18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "postgresql-10",
"purl": "pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.1-1",
"10.1-2",
"10.2-1",
"10.3-1",
"10.4-0ubuntu0.18.04",
"10.5-0ubuntu0.18.04",
"10.6-0ubuntu0.18.04.1",
"10.7-0ubuntu0.18.04.1",
"10.8-0ubuntu0.18.04.1",
"10.9-0ubuntu0.18.04.1",
"10.10-0ubuntu0.18.04.1",
"10.12-0ubuntu0.18.04.1",
"10.14-0ubuntu0.18.04.1",
"10.15-0ubuntu0.18.04.1",
"10.16-0ubuntu0.18.04.1",
"10.17-0ubuntu0.18.04.1",
"10.18-0ubuntu0.18.04.1",
"10.19-0ubuntu0.18.04.1",
"10.20-0ubuntu0.18.04.1",
"10.21-0ubuntu0.18.04.1",
"10.22-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.1",
"10.23-0ubuntu0.18.04.2",
"10.23-0ubuntu0.18.04.2+esm1",
"10.23-0ubuntu0.18.04.2+esm2",
"10.23-0ubuntu0.18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "postgresql-12",
"purl": "pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.0-1",
"12.1-1",
"12.1-2build1",
"12.2-1",
"12.2-1ubuntu2",
"12.2-4",
"12.4-0ubuntu0.20.04.1",
"12.5-0ubuntu0.20.04.1",
"12.6-0ubuntu0.20.04.1",
"12.7-0ubuntu0.20.04.1",
"12.8-0ubuntu0.20.04.1",
"12.9-0ubuntu0.20.04.1",
"12.10-0ubuntu0.20.04.1",
"12.11-0ubuntu0.20.04.1",
"12.12-0ubuntu0.20.04.1",
"12.13-0ubuntu0.20.04.1",
"12.14-0ubuntu0.20.04.1",
"12.15-0ubuntu0.20.04.1",
"12.16-0ubuntu0.20.04.1",
"12.17-0ubuntu0.20.04.1",
"12.18-0ubuntu0.20.04.1",
"12.19-0ubuntu0.20.04.1",
"12.20-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.1",
"12.22-0ubuntu0.20.04.2",
"12.22-0ubuntu0.20.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.23-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.23-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.23-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1",
"14.12-0ubuntu0.22.04.1",
"14.13-0ubuntu0.22.04.1",
"14.15-0ubuntu0.22.04.1",
"14.17-0ubuntu0.22.04.1",
"14.18-0ubuntu0.22.04.1",
"14.19-0ubuntu0.22.04.1",
"14.20-0ubuntu0.22.04.1",
"14.22-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.14-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.14-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.14-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4",
"16.3-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.1",
"16.4-0ubuntu0.24.04.2",
"16.6-0ubuntu0.24.04.1",
"16.8-0ubuntu0.24.04.1",
"16.9-0ubuntu0.24.04.1",
"16.10-0ubuntu0.24.04.1",
"16.11-0ubuntu0.24.04.1",
"16.13-0ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libecpg6",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "libpq5",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-client-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-doc-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plperl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-plpython3-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-pltcl-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
},
{
"binary_name": "postgresql-server-dev-17",
"binary_version": "17.10-0ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "postgresql-17",
"purl": "pkg:deb/ubuntu/postgresql-17@17.10-0ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.10-0ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"17.4-1",
"17.4-2",
"17.5-1",
"17.5-1build1",
"17.6-1",
"17.6-1build1",
"17.7-0ubuntu0.25.10.1",
"17.9-0ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq-oauth",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-18-jit",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-client-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-doc-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plperl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-plpython3-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-pltcl-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
},
{
"binary_name": "postgresql-server-dev-18",
"binary_version": "18.4-0ubuntu0.26.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "postgresql-18",
"purl": "pkg:deb/ubuntu/postgresql-18@18.4-0ubuntu0.26.04.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.4-0ubuntu0.26.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"18.0-1",
"18.1-1",
"18.1-1ubuntu1",
"18.1-1ubuntu2",
"18.1-2",
"18.3-1"
]
}
],
"aliases": [],
"details": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
"id": "UBUNTU-CVE-2026-6637",
"modified": "2026-05-21T23:03:35Z",
"published": "2026-05-14T14:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6637"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6637"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/"
},
{
"type": "REPORT",
"url": "https://www.postgresql.org/support/security/CVE-2026-6637/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8294-1"
}
],
"related": [
"USN-8294-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-6637"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.