Client memory disclosure when connecting, with Kerberos, to modified server

A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. When a libpq client application has a Kerberos credential cache and doesn't explicitly disable option gssencmode, a server can cause libpq to over-read and report an error message containing uninitialized bytes from and following its receive buffer. If libpq's caller somehow makes that message accessible to the attacker, this achieves a disclosure of the over-read bytes. We have not confirmed or ruled out viability of attacks that arrange for a crash or for presence of notable, confidential information in disclosed bytes.

The PostgreSQL project thanks Jacob Champion for reporting this problem.

Version Information

Affected Version Fixed In Fix Published
15 15.2 Feb. 9, 2023
14 14.7 Feb. 9, 2023
13 13.10 Feb. 9, 2023
12 12.14 Feb. 9, 2023

For more information about PostgreSQL versioning, please visit the versioning page.

CVSS 3.0

Overall Score 3.7
Component client
Vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reporting Security Vulnerabilities

If you wish to report a new security vulnerability in PostgreSQL, please send an email to

For reporting non-security bugs, please see the Report a Bug page.