2448626 – (CVE-2026-4427, GHSA-jqcq-xjh3-6g23) CVE-2026-4427 github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message

Bug 2448626 (CVE-2026-4427, GHSA-jqcq-xjh3-6g23) - CVE-2026-4427 github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message

Summary: CVE-2026-4427 github.com/jackc/pgproto3: pgproto3: Denial of Service via nega...

Keywords:
Status:	NEW
Alias:	CVE-2026-4427, GHSA-jqcq-xjh3-6g23
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2448985 2448986 2448987 2448988 2448989 2448990 2448992
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-18 14:02 UTC by OSIDB Bzimport
Modified:	2026-03-19 13:16 UTC (History)
CC List:	54 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-18 14:02:42 UTC

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

Note You need to log in before you can comment on or make changes to this bug.

abuckta
adudiak
agarcial
alcohan
aoconnor
aprice
asegurap
bdettelb
caswilli
ckandaga
cmah
crizzo
dfreiber
dkuc
doconnor
drow
gparvin
gtanzill
jaharrin
jbalunas
jburrell
jbuscemi
jdobes
jeder
jkoehler
jmitchel
jsamir
jsherril
jvasik
kaycoth
kgaikwad
kshier
lball
lgamliel
lphiri
mstipich
ngough
oezr
orabin
pahickey
pbohmill
pvasanth
rblanco
rexwhite
rfreiman
rhaigner
rochandr
stcannon
sthirugn
teagle
veshanka
vkumar
vmugicag
yguenane