Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
12.0-1, 12.1-1, 12.1-2build1, 12.10-0ubuntu0.20.04.1, 12.11-0ubuntu0.20.04.1, 12.12-0ubuntu0.20.04.1, 12.13-0ubuntu0.20.04.1, 12.14-0ubuntu0.20.04.1, 12.15-0ubuntu0.20.04.1, 12.16-0ubuntu0.20.04.1 (+16 more)
14.23-0ubuntu0.22.04.1
16.14-0ubuntu0.24.04.1
17.10-0ubuntu0.25.10.1
18.4-0ubuntu0.26.04.1
9.3.1-1, 9.3.10-0ubuntu0.14.04, 9.3.11-0ubuntu0.14.04, 9.3.12-0ubuntu0.14.04, 9.3.13-0ubuntu0.14.04, 9.3.14-0ubuntu0.14.04, 9.3.15-0ubuntu0.14.04, 9.3.16-0ubuntu0.14.04, 9.3.17-0ubuntu0.14.04, 9.3.18-0ubuntu0.14.04.1 (+19 more)
9.5.0-1, 9.5.0-2, 9.5.0-3, 9.5.1-1, 9.5.10-0ubuntu0.16.04, 9.5.11-0ubuntu0.16.04, 9.5.12-0ubuntu0.16.04, 9.5.13-0ubuntu0.16.04, 9.5.14-0ubuntu0.16.04, 9.5.16-0ubuntu0.16.04.1 (+24 more)
10.1-1, 10.1-2, 10.10-0ubuntu0.18.04.1, 10.12-0ubuntu0.18.04.1, 10.14-0ubuntu0.18.04.1, 10.15-0ubuntu0.18.04.1, 10.16-0ubuntu0.18.04.1, 10.17-0ubuntu0.18.04.1, 10.18-0ubuntu0.18.04.1, 10.19-0ubuntu0.18.04.1 (+16 more)

Exploitability
AV:N AC:L PR:N UI:N
Scope
S:U
Impact
C:N I:N A:H
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H