PostgreSQL missing validation of multibyte character length executes arbitrary code
Summary
PostgreSQL missing validation of multibyte character length executes arbitrary code. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1285. Affected package(s): postgresql, postgresql:16, postgresql:15, postgresql18-main, rhui5/rhua-rhel9:1773670137, postgresql:13. Resolved in Red Hat advisory RHSA-2026:4516 — update the affected packages (`sudo dnf update`).
- postgresql-0:13.23-1.el9_6.1
- postgresql:16-9040020260306102041.rhel9
- postgresql-0:13.23-1.el9_4.1
- postgresql:15-9020020260309133405.rhel9
- postgresql:16-8100020260227221401.489197e6
- postgresql18-main-18.3-1.2.hum1
- rhui5/rhua-rhel9:1773670137
- postgresql:13-8060020260309111524.ad008a3a
- postgresql:16-9060020260305153549.rhel9
- postgresql-0:13.23-1.el9_2.1
- postgresql-0:13.23-1.el9_0.1
- postgresql:15-9060020260309125703.rhel9
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- RHSA-2026:4516
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:4516 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.