JLSEC-2026-602

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-602.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-602.json

JSON Data

https://api.test.osv.dev/v1/vulns/JLSEC-2026-602

Upstream

CVE-2026-6474

Published

2026-06-08T13:54:13.679Z

Modified

2026-06-08T14:00:17.655683075Z

Summary

[none]

Details

Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Database specific

{
    "sources": [
        {
            "modified": "2026-05-18T15:00:45.520Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6474",
            "id": "CVE-2026-6474",
            "imported": "2026-06-08T13:34:09.532Z",
            "published": "2026-05-14T14:16:24.997Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-6474"
        }
    ],
    "license": "CC-BY-4.0"
}

References

https://www.postgresql.org/support/security/CVE-2026-6474/

Affected packages

Julia / LibPQ_jll

Package

Name: LibPQ_jll
Purl: pkg:julia/LibPQ_jll?uuid=08be9ffa-1c94-5ee5-a977-46a84ec9b350

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.14.0+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-602.json"