AI finds 20-year-old bugs in PostgreSQL and MariaDB
"The more pressing of the PostgreSQL zero-day flaws is a heap-based buffer overflow issue, tracked as CVE-2026-2005, in the 'pgcrypto' extension. By using specially crafted input, an attacker can trigger a size mismatch that leads to out-of-bounds writes on the heap."
"In environments where pgcrypto processes user-controlled input, this can be leveraged to achieve remote code execution on the database server. The flaw affected all supported versions, and has been fixed in updates including v18.2, v17.8, v16.12, v15.16, and v14.21."
"It received a high-severity rating of CVSS 8.8 out of 10. The vulnerable code has been present since pgcrypto was first contributed in 2005, more than 20 years ago."
Patches have been released for vulnerabilities in PostgreSQL and MariaDB, with maintainers urging immediate upgrades. A significant zero-day flaw in PostgreSQL, tracked as CVE-2026-2005, is a heap-based buffer overflow in the pgcrypto extension. Where pgcrypto processes user-controlled input, attackers can exploit the flaw, potentially achieving remote code execution. All supported versions are affected, and the issue is rated high severity with a CVSS score of 8.8. The vulnerable code has existed since 2005.
Read at InfoWorld
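A triage check built from the fixed releases listed above, as an added example (not code from InfoWorld or the PostgreSQL project). It assumes you have collected each server's `SHOW server_version` output and whether `pgcrypto` appears in `pg_extension`; the host names, inventory and action labels are constructed for illustration.

```python
import re

# Fixed minor release per major for CVE-2026-2005, as listed in the article.
FIXED_MINOR = {18: 2, 17: 8, 16: 12, 15: 16, 14: 21}

# Accepts `SHOW server_version` ("17.6 (Debian 17.6-1)") or `SELECT version()` output.
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor); minor is None for strings like '18beta1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), (int(m.group(2)) if m.group(2) else None)


def triage(version_text, pgcrypto_installed):
    """Map one server to an action: none, upgrade, upgrade-now or review."""
    major, minor = parse_version(version_text)
    if major not in FIXED_MINOR or minor is None:
        # EOL major, newer major or pre-release: the article names no fixed build.
        return "review"
    if minor >= FIXED_MINOR[major]:
        return "none"
    # The overflow is in pgcrypto, so servers with the extension go first.
    return "upgrade-now" if pgcrypto_installed else "upgrade"


# Constructed inventory: (host, server_version, pgcrypto found in pg_extension of
# any database, e.g. SELECT 1 FROM pg_extension WHERE extname = 'pgcrypto').
INVENTORY = [
    ("db-a", "17.6 (Debian 17.6-1.pgdg120+1)", True),
    ("db-b", "PostgreSQL 16.12 on x86_64-pc-linux-gnu", True),
    ("db-c", "14.20", False),
    ("db-d", "13.18", True),
    ("db-e", "18beta1", False),
]


def report(inventory=INVENTORY):
    """Return {host: action} for every server in the inventory."""
    return {host: triage(ver, ext) for host, ver, ext in inventory}


if __name__ == "__main__":
    for host, action in report().items():
        print(f"{host}: {action}")
```

The article says the fixes are in updates "including" these releases, so a `review` result means the page gives no answer for that build, not that the server is safe.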