CVE-2025-12818 — MEDIUM (5.9)

Vulnerability Description

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Related Weaknesses (CWE)

CWE-190

References

https://www.postgresql.org/support/security/CVE-2025-12818/

FAQ

What is CVE-2025-12818?

CVE-2025-12818 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundr...

How severe is CVE-2025-12818?

CVE-2025-12818 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-12818?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.