In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. Under certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
[
{
"vendor": "n/a",
"product": "postgresql",
"versions": [
{
"version": "postgresql 5.2, postgresql 14.7, postgresql 13.10, postgresql 12.14, postgresql 11.19",
"status": "affected"
}
]
}
]