Fedora Account System
Red Hat Associate
Red Hat Customer
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
*** Bug 2448985 has been marked as a duplicate of this bug. ***
*** Bug 2448986 has been marked as a duplicate of this bug. ***
*** Bug 2448987 has been marked as a duplicate of this bug. ***
*** Bug 2448988 has been marked as a duplicate of this bug. ***
*** Bug 2448989 has been marked as a duplicate of this bug. ***
*** Bug 2448990 has been marked as a duplicate of this bug. ***
*** Bug 2448992 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:22450 https://access.redhat.com/errata/RHSA-2026:22450
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:22714 https://access.redhat.com/errata/RHSA-2026:22714