PostgreSQL Global Development Group · PostgreSQL · CVE-2026-6477
**Name of the Vulnerable Software and Affected Versions**
PostgreSQL versions prior to 18.4
PostgreSQL versions prior to 17.10
PostgreSQL versions prior to 16.14
PostgreSQL versions prior to 15.18
PostgreSQL versions prior to 14.23
**Description**
The use of the dangerous function `PQfn(..., result_is_int=0, ...)` within the libpq `lo_export()`, `lo_read()`, `lo_lseek64()`, and `lo_tell64()` functions allows a server superuser to overwrite a client stack buffer with an arbitrarily-large response. This occurs because the function stores server-determined data of arbitrary length into a buffer of unspecified size. Consequently, since the `\lo_export` command in psql and pg_dump utilize `lo_read()`, a server superuser can overwrite the stack memory of psql or pg_dump.
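The defect class described above is a client trusting a server-supplied length when filling a fixed-size buffer. The following C program is an added, constructed model of that pattern and of the bounds check that closes it; it is not PostgreSQL or libpq code. It assumes a simplified wire format (a 4-byte big-endian result length followed by the result bytes) and uses hypothetical function names (`copy_result_unchecked`, `copy_result_checked`, `build_response`, `checked_into_int64`) chosen for this illustration.

```c
/* Constructed model of a function-call response handler on the client side.
 * Not PostgreSQL code: it shows the class of defect described above (copying a
 * server-declared length into a fixed-size buffer) beside the hardened form. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Wire format assumed here (constructed): 4-byte big-endian result length,
 * then that many bytes of result data. */
static int32_t read_be32(const unsigned char *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}

/* Unsafe pattern: the server's declared length alone decides how many bytes
 * land in result_buf; the caller's buffer size is never consulted, so a
 * response longer than the buffer writes past its end. */
int copy_result_unchecked(const unsigned char *msg, size_t msg_len,
                          void *result_buf, int *actual_len)
{
    if (msg_len < 4) return -1;
    int32_t n = read_be32(msg);
    if (n < 0 || (size_t)n > msg_len - 4) return -1;   /* truncated message */
    memcpy(result_buf, msg + 4, (size_t)n);            /* no check against buffer size */
    *actual_len = n;
    return 0;
}

/* Hardened form: the caller passes the buffer's capacity, and an over-long
 * result is refused before any byte is copied. */
int copy_result_checked(const unsigned char *msg, size_t msg_len,
                        void *result_buf, size_t result_cap, int *actual_len)
{
    if (msg_len < 4) return -1;
    int32_t n = read_be32(msg);
    if (n < 0 || (size_t)n > msg_len - 4) return -1;   /* truncated message */
    if ((size_t)n > result_cap) return -2;             /* response exceeds buffer: reject */
    memcpy(result_buf, msg + 4, (size_t)n);
    *actual_len = n;
    return 0;
}

/* Build a constructed response message: length prefix + payload.
 * Returns the message length, or 0 if it would not fit in out. */
size_t build_response(unsigned char *out, size_t out_cap,
                      const unsigned char *payload, int32_t n)
{
    if (n < 0 || (size_t)n + 4 > out_cap) return 0;
    out[0] = (unsigned char)(n >> 24); out[1] = (unsigned char)(n >> 16);
    out[2] = (unsigned char)(n >> 8);  out[3] = (unsigned char)n;
    memcpy(out + 4, payload, (size_t)n);
    return (size_t)n + 4;
}

/* Feed a constructed response of payload_len bytes to the checked handler,
 * with an 8-byte stack slot as the destination (the kind of slot a 64-bit
 * offset result would be stored in). Returns the handler's status code. */
int checked_into_int64(int32_t payload_len)
{
    unsigned char payload[64];
    unsigned char msg[80];
    int64_t slot = 0;
    int got = 0;
    memset(payload, 0x41, sizeof payload);
    size_t len = build_response(msg, sizeof msg, payload, payload_len);
    if (len == 0) return -1;
    return copy_result_checked(msg, len, &slot, sizeof slot, &got);
}

int main(void)
{
    /* An 8-byte result fits the slot; a 32-byte result is refused (-2). */
    printf("8-byte result:  rc=%d\n", checked_into_int64(8));
    printf("32-byte result: rc=%d\n", checked_into_int64(32));
    return 0;
}
```

The fix is purely on the client side: the capacity of the destination becomes part of the call, and the length the server declares is validated against it before `memcpy`. A handler without that parameter has no way to be correct for every caller, which is why the unchecked variant cannot be patched by callers alone.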
**Recommendations**
Update to version 18.4 or later.
Update to version 17.10 or later.
Update to version 16.14 or later.
Update to version 15.18 or later.
Update to version 14.23 or later.