Stack buffer overflow in PostgreSQL module refint allows an unprivileged
database user to execute arbitrary code as the operating system user running the
database. A distinct attack is possible if the application declares a
user-controlled column as a refint cascade primary key and facilitates
user-controlled updates to that column. In that case, a SQL injection allows a
primary key update value provider to execute arbitrary SQL as the database user
performing the primary key update. Versions before PostgreSQL 18.4, 17.10,
16.14, 15.18, and 14.23 are affected.
The PostgreSQL project thanks Nikolay Samokhvalov for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 18 | 18.4 | 2026-05-12 |
| 17 | 17.10 | 2026-05-12 |
| 16 | 16.14 | 2026-05-12 |
| 15 | 15.18 | 2026-05-12 |
| 14 | 14.23 | 2026-05-12 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 8.8 |
|---|---|
| Component | contrib module |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.