AZL-77580

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77580.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-77580

Upstream

CVE-2026-2003

Published

2026-02-12T14:16:02Z

Modified

2026-04-01T05:23:08.744479Z

Summary

CVE-2026-2003 affecting package postgresql for versions less than 14.21-1

Details

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-2003

Affected packages

Azure Linux:2 / postgresql

Package

Name: postgresql
Purl: pkg:rpm/azure-linux/postgresql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.21-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77580.json"