Bug 2439322 (CVE-2026-2003) - CVE-2026-2003 postgresql: PostgreSQL oidvector discloses a few bytes of memory
Summary: CVE-2026-2003 postgresql: PostgreSQL oidvector discloses a few bytes of memory
Keywords:
Status: NEW
Alias: CVE-2026-2003
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2439444 2439445 2439446 2439447 2439448 2439449 2439450
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-12 14:01 UTC by OSIDB Bzimport
Modified: 2026-05-19 13:08 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:19009 0 None None None 2026-05-19 13:01:37 UTC
Red Hat Product Errata RHSA-2026:19010 0 None None None 2026-05-19 13:08:22 UTC
Red Hat Product Errata RHSA-2026:4254 0 None None None 2026-03-11 03:37:05 UTC
Red Hat Product Errata RHSA-2026:4441 0 None None None 2026-03-12 08:52:34 UTC
Red Hat Product Errata RHSA-2026:4515 0 None None None 2026-03-12 16:27:23 UTC
Red Hat Product Errata RHSA-2026:4544 0 None None None 2026-03-12 22:28:07 UTC
Red Hat Product Errata RHSA-2026:4546 0 None None None 2026-03-12 22:20:56 UTC
Red Hat Product Errata RHSA-2026:4547 0 None None None 2026-03-12 22:36:37 UTC
Red Hat Product Errata RHSA-2026:4548 0 None None None 2026-03-12 22:55:23 UTC

Description OSIDB Bzimport 2026-02-12 14:01:44 UTC 
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Comment 2 errata-xmlrpc 2026-03-11 03:37:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4254 https://access.redhat.com/errata/RHSA-2026:4254
Comment 5 errata-xmlrpc 2026-03-12 08:52:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:4441 https://access.redhat.com/errata/RHSA-2026:4441
Comment 6 errata-xmlrpc 2026-03-12 16:27:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2026:4515 https://access.redhat.com/errata/RHSA-2026:4515
Comment 7 errata-xmlrpc 2026-03-12 22:20:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4546 https://access.redhat.com/errata/RHSA-2026:4546
Comment 8 errata-xmlrpc 2026-03-12 22:28:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4544 https://access.redhat.com/errata/RHSA-2026:4544
Comment 9 errata-xmlrpc 2026-03-12 22:36:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4547 https://access.redhat.com/errata/RHSA-2026:4547
Comment 10 errata-xmlrpc 2026-03-12 22:55:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4548 https://access.redhat.com/errata/RHSA-2026:4548
Comment 11 errata-xmlrpc 2026-05-19 13:01:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19009 https://access.redhat.com/errata/RHSA-2026:19009
Comment 12 errata-xmlrpc 2026-05-19 13:01:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19010 https://access.redhat.com/errata/RHSA-2026:19010
Note You need to log in before you can comment on or make changes to this bug.