Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts
array values of unmatched length, which causes query planning to read past end
of one array. This allows a table maintainer to infer memory values past that
array end. Within major version 18, minor versions before PostgreSQL 18.4 are
affected. Versions before PostgreSQL 18 are unaffected.
The PostgreSQL project thanks Jeroen Gui for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 18 | 18.4 | 2026-05-12 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 4.3 |
|---|---|
| Component | core server |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.