
Debian 11 PostgreSQL 13 Multiple Issues Fixed DLA-4524-1 CVE-2026-2003

Debian LTS
April 9, 2026
Multiple vulnerabilities in PostgreSQL 13 fixed by Debian DLA-4524-1 require immediate attention and upgrades.
Multiple vulnerabilities were fixed in PostgreSQL, a popular database

Summary

CVE-2026-2003

Fix CVE-2026-2003: Improper validation of type "oidvector" in PostgreSQL
allows a database user to disclose a few bytes of server memory. We have
not ruled out viability of attacks that arrange for presence of
confidential information in disclosed bytes, but they seem unlikely.

CVE-2026-2004

Fix CVE-2026-2004: Missing validation of type of input in PostgreSQL
intarray extension selectivity estimator function allows an object creator
to execute arbitrary code as the operating system user running the
database.

CVE-2026-2005

Fix CVE-2026-2005: Heap buffer overflow in PostgreSQL pgcrypto allows a
ciphertext provider to execute arbitrary code as the operating system user
running the database.

CVE-2026-2006

Fix CVE-2026-2006: Missing validation of multibyte character length in
PostgreSQL text manipulation allows a database user to issue crafted
queries that achieve a buffer overrun. That suffices to execute arbitrary



Severity: important

Package: postgresql-13
Version: 13.23-0+deb11u2
CVE ID: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006
Debian Bug:
