Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 18 | 18.2 | 2026-02-12 |
| 17 | 17.8 | 2026-02-12 |
| 16 | 16.12 | 2026-02-12 |
| 15 | 15.16 | 2026-02-12 |
| 14 | 14.21 | 2026-02-12 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 8.8 |
|---|---|
| Component | contrib module |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.