Bug 2448626 (CVE-2026-4427, GHSA-jqcq-xjh3-6g23)

Summary: CVE-2026-4427 github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: abuckta, agarcial, alcohan, aoconnor, aprice, asegurap, bdettelb, caswilli, ckandaga, cmah, crizzo, dfreiber, dkuc, doconnor, drow, eborisov, eshamard, gparvin, gtanzill, jbalunas, jburrell, jbuscemi, jdobes, jeder, jkoehler, jmitchel, jsamir, jsherril, jvasik, kaycoth, kgaikwad, kshier, lball, lgamliel, lphiri, mstipich, ngough, oezr, orabin, pahickey, pbohmill, pvasanth, rblanco, rexwhite, rfreiman, rhaigner, rochandr, sraymaek, stcannon, sthirugn, teagle, veshanka, vkumar, vmugicag, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2451847, 2448985, 2448986, 2448987, 2448988, 2448989, 2448990, 2448992    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-18 14:02:42 UTC
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

Comment 3 Rohit Keshri 2026-03-30 07:00:53 UTC
CVE-2026-4427 is duplicate of CVE-2026-32286

Comment 7 errata-xmlrpc 2026-06-02 11:08:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22450 https://access.redhat.com/errata/RHSA-2026:22450

Comment 8 errata-xmlrpc 2026-06-03 08:01:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:22714 https://access.redhat.com/errata/RHSA-2026:22714