Bug 2439322 (CVE-2026-2003)

Summary: CVE-2026-2003 postgresql: PostgreSQL oidvector discloses a few bytes of memory
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely.
Bug Depends On: 2439444, 2439445, 2439446, 2439447, 2439448, 2439449, 2439450    

Description OSIDB Bzimport 2026-02-12 14:01:44 UTC
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
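
Added example, not part of the bug report or of any Red Hat or PostgreSQL tooling: a fleet check that applies the fixed-release list from the description above to values collected with `SHOW server_version` or `SHOW server_version_num`. The names `FIXED_MINOR`, `parse_version`, `classify`, `audit` and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed minor release per major branch, taken from the bug description.
FIXED_MINOR = {18: 2, 17: 8, 16: 12, 15: 16, 14: 21}

# Constructed sample inventory: host names and version values are made up.
SAMPLE = {
    "db-a": "16.11 (Debian 16.11-1.pgdg120+1)",  # server_version string
    "db-b": "170008",                            # server_version_num for 17.8
    "db-c": "18beta1",                           # pre-release build
    "db-d": "13.23",                             # branch not named in the bug
    "db-e": "14.21",
}


def parse_version(value):
    """Return (major, minor) for PostgreSQL 10+ version values.

    Accepts server_version_num (major * 10000 + minor) or a server_version
    string. minor is None when no minor number is present (e.g. '18beta1').
    """
    text = str(value).strip()
    if re.fullmatch(r"\d{5,6}", text):
        num = int(text)
        return num // 10000, num % 10000
    m = re.match(r"(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {value!r}")
    return int(m.group(1)), (int(m.group(2)) if m.group(2) else None)


def classify(value):
    """Return 'fixed', 'affected' or 'unlisted' for one version value."""
    major, minor = parse_version(value)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return "unlisted"   # branch not named in the bug: review manually
    if minor is None or minor < fixed:
        return "affected"   # pre-release or older minor than the fixed one
    return "fixed"


def audit(inventory):
    """Map each host in the inventory to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The check compares upstream version numbers only. A distribution package patched through errata such as the RHSAs listed in this bug may carry the fix while still reporting an older upstream version, so confirm an "affected" result on such hosts against the installed package and its advisory.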

Comment 2 errata-xmlrpc 2026-03-11 03:37:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4254 https://access.redhat.com/errata/RHSA-2026:4254

Comment 5 errata-xmlrpc 2026-03-12 08:52:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:4441 https://access.redhat.com/errata/RHSA-2026:4441

Comment 6 errata-xmlrpc 2026-03-12 16:27:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2026:4515 https://access.redhat.com/errata/RHSA-2026:4515

Comment 7 errata-xmlrpc 2026-03-12 22:20:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4546 https://access.redhat.com/errata/RHSA-2026:4546

Comment 8 errata-xmlrpc 2026-03-12 22:28:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4544 https://access.redhat.com/errata/RHSA-2026:4544

Comment 9 errata-xmlrpc 2026-03-12 22:36:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4547 https://access.redhat.com/errata/RHSA-2026:4547

Comment 10 errata-xmlrpc 2026-03-12 22:55:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4548 https://access.redhat.com/errata/RHSA-2026:4548