Nikolay Samokhvalov

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 **Description** A stack buffer overflow in the "refint" module allows an unprivileged database user to execute arbitrary code with the privileges of the operating system user running the database. Additionally, if an application declares a user-controlled column as a "refint" cascade primary key and allows user-controlled updates to that column, a SQL injection can enable a provider of primary key update values to execute arbitrary SQL as the database user performing the update. **Recommendations** Update to version 18.4 or later. Update to version 17.10 or later. Update to version 16.14 or later. Update to version 15.18 or later. Update to version 14.23 or later.