CVE-2022-41862
Description
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CWE
- CWE-200 — CWE-200
Affected
- n/a / postgresql — v=postgresql 5.2, postgresql 14.7, postgresql 13.10, postgresql 12.14, postgresql 11.19 [affected]
CVSS
- (none)
References
- https://www.postgresql.org/support/security/CVE-2022-41862/
- https://bugzilla.redhat.com/show_bug.cgi?id=2165722
- https://security.netapp.com/advisory/ntap-20230427-0002/
Source
cvelistV5-main/cves/2022/41xxx/CVE-2022-41862.json