CVE-2022-41862

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41862

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41862.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41862

Aliases

BIT-postgresql-2022-41862

Downstream

ALPINE-CVE-2022-41862

DEBIAN-CVE-2022-41862

RHSA-2023:1576

RHSA-2023:1693

RHSA-2023:4535

RHSA-2023:6429

RHSA-2023:7016

RHSA-2023:7545

RHSA-2023:7580

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7772

SUSE-SU-2023:0390-1

SUSE-SU-2023:0391-1

SUSE-SU-2023:0392-1

SUSE-SU-2023:0393-1

SUSE-SU-2023:0450-1

SUSE-SU-2023:0479-1

SUSE-SU-2023:0569-1

SUSE-SU-2023:0583-1

SUSE-SU-2023:0705-1

UBUNTU-CVE-2022-41862

USN-5906-1

openSUSE-SU-2024:12677-1

openSUSE-SU-2024:12678-1

openSUSE-SU-2024:12679-1

openSUSE-SU-2024:12680-1

openSUSE-SU-2024:14360-1

Related

Published

2023-03-03T16:15:09Z

Modified

2025-10-06T11:52:36.875525Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type: GIT
Repo: https://git.postgresql.org/git/postgresql.git
Events: Introduced

ad1f2885b8c82e0c2d56d7974f012cbecce17a17

Fixed

533cc39b750bd7600e8e2e5cab819a27f1717960

Affected versions

Other

REL_12_0

REL_12_1

REL_12_10

REL_12_11

REL_12_12

REL_12_13

REL_12_2

REL_12_3

REL_12_4

REL_12_5

REL_12_6

REL_12_7

REL_12_8

REL_12_9