A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to over-read and report an error message containing uninitialized bytes from and following its receive buffer. If libpq's caller somehow makes that message accessible to the attacker, this achieves a disclosure of the over-read bytes. We have not confirmed or ruled out viability of attacks that arrange for a crash or for presence of notable, confidential information in disclosed bytes.
The PostgreSQL project thanks Jacob Champion for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 15 | 15.2 | Feb. 9, 2023 |
| 14 | 14.7 | Feb. 9, 2023 |
| 13 | 13.10 | Feb. 9, 2023 |
| 12 | 12.14 | Feb. 9, 2023 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 3.7 |
|---|---|
| Component | client |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.