PT-2025-20383 · Postgresql+11 · Postgresql+12

Alan Coopersmith

·

Published

2025-05-07

·

Updated

2026-04-02

·

CVE-2025-4207

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.5, 16.9, 15.13, 14.18, and 13.21
Description The vulnerability is related to a buffer over-read in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. The vulnerability affects the database server and also libpq. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service.
Recommendations To resolve the issue, update to the latest patched version of PostgreSQL, which includes versions 17.5, 16.9, 15.13, 14.18, and 13.21. Specifically:
  • For versions prior to 17.5, update to version 17.5 or later.
  • For versions prior to 16.9, update to version 16.9 or later.
  • For versions prior to 15.13, update to version 15.13 or later.
  • For versions prior to 14.18, update to version 14.18 or later.
  • For versions prior to 13.21, update to version 13.21 or later.

Fix

DoS

Buffer Over-read

Weakness Enumeration

CWE-126CWE-264

Related Identifiers

ALSA-2025:15021
ALSA-2025:15022
ALT-PU-2025-6423
ALT-PU-2025-6425
ALT-PU-2025-6426
ALT-PU-2025-6427
ALT-PU-2025-6428
ALT-PU-2025-6429
ALT-PU-2025-6521
ALT-PU-2025-6991
ALT-PU-2025-6993
ALT-PU-2025-6994
ALT-PU-2025-6995
ALT-PU-2025-6997
ALT-PU-2025-7629
AZL-61736
AZL-61739
AZL-74894
BDU:2025-05405
BIT-POSTGRESQL-2025-4207
CESA-2025_14899
CESA-2025_15021
CESA-2025_15022
CLEANSTART-2026-KA40024
CLEANSTART-2026-ZC18474
CVE-2025-4207
DLA-4159-1
ECHO-C79E-EFEC-FDDC
MGASA-2025-0155
OESA-2025-1508
OESA-2025-1565
OESA-2025-1566
OESA-2025-1567
OESA-2025-1568
OESA-2025-1697
OESA-2025-1698
OESA-2025-1699
OESA-2025-1700
OPENSUSE-SU-2025:15137-1
OPENSUSE-SU-2025:15138-1
OPENSUSE-SU-2025:15139-1
OPENSUSE-SU-2025:15140-1
OPENSUSE-SU-2025:15151-1
OPENSUSE-SU-2025_01644-1
OPENSUSE-SU-2025_01654-1
OPENSUSE-SU-2025_01661-1
OPENSUSE-SU-2025_01748-1
OPENSUSE-SU-2025_01766-1
RHSA-2025:14826
RHSA-2025:14827
RHSA-2025:14862
RHSA-2025:14899
RHSA-2025:15021
RHSA-2025:15022
RHSA-2025_14827
RHSA-2025_14862
RHSA-2025_14899
RHSA-2025_15021
RHSA-2025_15022
SUSE-SU-2025:01644-1
SUSE-SU-2025:01644-2
SUSE-SU-2025:01654-1
SUSE-SU-2025:01661-1
SUSE-SU-2025:01661-2
SUSE-SU-2025:01705-1
SUSE-SU-2025:01748-1
SUSE-SU-2025:01748-2
SUSE-SU-2025:01749-1
SUSE-SU-2025:01750-1
SUSE-SU-2025:01765-1
SUSE-SU-2025:01766-1
SUSE-SU-2025:01766-2
SUSE-SU-2025:01767-1
SUSE-SU-2025:01772-1
SUSE-SU-2025:01782-1
SUSE-SU-2025:01782-2
SUSE-SU-2025:01783-1
SUSE-SU-2025:01783-2
SUSE-SU-2025:01785-1
SUSE-SU-2025:01786-1
SUSE-SU-2025:01786-2
SUSE-SU-2025_01644-1
SUSE-SU-2025_01644-2
SUSE-SU-2025_01661-1
SUSE-SU-2025_01705-1
SUSE-SU-2025_01748-1
SUSE-SU-2025_01748-2
SUSE-SU-2025_01749-1
SUSE-SU-2025_01750-1
SUSE-SU-2025_01765-1
SUSE-SU-2025_01766-1
SUSE-SU-2025_01766-2
SUSE-SU-2025_01767-1
SUSE-SU-2025_01772-1
SUSE-SU-2025_01782-1
SUSE-SU-2025_01783-1
SUSE-SU-2025_01785-1
SUSE-SU-2025_01786-1
USN-7520-1
USN-7520-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Postgresql
Red Hat
Red Os
Suse
Ubuntu
Zvirt Node
Libpq