Lucene search

K

GoogleOSV:GHSA-MRWW-27VC-GGHV

HistoryMar 04, 2024 - 8:43 p.m.

pgx SQL Injection via Protocol Message Size Overflow

2024-03-0420:43:24

Google

osv.dev

21

sql injection

protocol message size

overflow

patches

workarounds

software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

10.3%

Impact

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker’s control.

Patches

The problem is resolved in v4.18.2 and v5.5.4.

Workarounds

Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

References

github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007

github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8

github.com/jackc/pgx

github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4

github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8

github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df

github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

10.3%

Related for OSV:GHSA-MRWW-27VC-GGHV

cbl_mariner2 osv35 redhatcve1 ubuntucve1 prion1 cgr1 nvd1 veracode1 debiancve1 cve1 ibm4 wolfi1 vulnrichment1 cvelist1 github1 redhat1