AI description
CVE-2025-12818 describes an integer wraparound vulnerability found within multiple functions of the PostgreSQL `libpq` client library. This flaw allows an application input provider or a network peer to manipulate `libpq` into allocating an undersized memory buffer. The consequence of this undersized allocation is an out-of-bounds write, potentially spanning hundreds of megabytes, which ultimately leads to a segmentation fault and crashes the application utilizing `libpq`. This vulnerability affects PostgreSQL versions prior to 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23.
- Description
- Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
- Source
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- CWE-190
- Hype score
- Not currently trending
#exploit #AppSec 1⃣. CVE-2026-28292: simple-git RCE - Case-Sensitivity Bypass https://t.co/JE3dMUYY7j // A regex bug in simple-git 3.15.0 - 3.32.3 allows bypassing CVE patches and enables RCE via uppercase protocol variants 2⃣. CVE-2025-12818: https://t.co/ndzaNtQszb Attack
@ksg93rd
13 Mar 2026
1008 Impressions
3 Retweets
18 Likes
3 Bookmarks
0 Replies
0 Quotes
🐘 Attack arithmetic: how an integer overflow in PostgreSQL libpq leads to denial of service. Our researcher Aleksey Solovev discovered the vulnerability CVE-2025-12818, which may cause a product using the libpq PostgreSQL library to crash. https://t.co/fP2LJFmqPS https://t.c
@ptswarm
10 Mar 2026
2376 Impressions
9 Retweets
20 Likes
5 Bookmarks
0 Replies
0 Quotes
URGENT: CVE-2025-12818 - Critical #PostgreSQL libpq buffer overflow vulnerability (CVSS 8.5+). Remote code execution possible via connection string exploits. Read more: 👉 https://t.co/XUtyH6kX5z #Security #Oracle https://t.co/nTlWfjNnjj
@Cezar_H_Linux
16 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #PostgreSQL 13 users: Patch immediately! CVE-2025-12817 (auth bypass) & CVE-2025-12818 (libpq crash) can cause DoS. Fixed in Debian LTS DLA-4420-1. Guide: Read more: 👉 https://t.co/CpGqtBmLqc #Security https://t.co/ZEgFZfnAia
@Cezar_H_Linux
26 Dec 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
openSUSE Leap 15.6 releases PostgreSQL 13.23 update fixing critical flaws CVE-2025-12817 (missing CREATE STATISTICS privilege check) and CVE-2025-12818 (libpq integer overflow). Patch now. #Vulnerability https://t.co/vW3XLXU9qN
@threatcluster
9 Dec 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Advisory for #openSUSE Tumbleweed 🚨 A new patch is available for PostgreSQL 17, addressing two vulnerabilities (CVE-2025-12817, CVE-2025-12818). Read more: 👉 https://t.co/kLkVNJwDs4 #Security https://t.co/BY5XBkCVFf
@Cezar_H_Linux
30 Nov 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2 CVEs in PostgreSQL fixed https://t.co/wFkYuCkskw CVE-2025-12817: PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12818: PostgreSQL libpq undersizes allocations, via integer wraparound PostgreSQL 13 EOL Notice
@oss_security
14 Nov 2025
710 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-12818 Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocatio… https://t.co/7maWwQdgQF
@CVEnew
13 Nov 2025
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes