Andreas Seltenreich

**Name of the Vulnerable Software and Affected Versions** Postgresql versions 11.x before 11.5 **Description** The issue is related to a memory disclosure in cross-type comparison for hashed subplan, which can allow a remote attacker to disclose protected information due to a buffer read beyond memory boundaries. **Recommendations** For Postgresql versions 11.x before 11.5, update to version 11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.5.2 **Description** The issue allows attackers to bypass intended access restrictions, potentially obtaining sensitive server memory information or causing a denial of service (server crash) via a crafted bytea value in a BRIN index page. This is due to the lack of permission checks for BRIN indexes in the pageinspect extension. **Recommendations** For versions prior to 9.5.2, update to version 9.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the pageinspect extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hashcash versions prior to 1.21 **Description** A heap-based buffer overflow issue exists in the array push function in hashcash.c, potentially allowing attackers to execute arbitrary code via crafted entries. **Recommendations** For versions prior to 1.21, update to version 1.21 or later to resolve the issue.