Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Exploitability: AV:N, AC:L, PR:L, UI:N
Scope: S:U
Impact: C:H, I:H, A:H
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H