A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option "gssencmode", a server can cause libpq to over-read and report an error message containing uninitialized bytes from and following its receive buffer. If libpq's caller somehow makes that message accessible to the attacker, this achieves a disclosure of the over-read bytes. We have not confirmed or ruled out viability of attacks that arrange for a crash or for presence of notable, confidential information in disclosed bytes.
Created postgresql-jdbc tracking bugs for this issue: Affects: fedora-all [bug 2170071]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1576 https://access.redhat.com/errata/RHSA-2023:1576
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1693 https://access.redhat.com/errata/RHSA-2023:1693
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-41862
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4535 https://access.redhat.com/errata/RHSA-2023:4535
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6429 https://access.redhat.com/errata/RHSA-2023:6429
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7016 https://access.redhat.com/errata/RHSA-2023:7016
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7545
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7580
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7667
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7666
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7694 https://access.redhat.com/errata/RHSA-2023:7694
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7695 https://access.redhat.com/errata/RHSA-2023:7695
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:7772 https://access.redhat.com/errata/RHSA-2023:7772