Vulnerability Details CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 3.7
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2165722
- https://security.netapp.com/advisory/ntap-20230427-0002/
- https://www.postgresql.org/support/security/CVE-2022-41862/
- https://bugzilla.redhat.com/show_bug.cgi?id=2165722
- https://security.netapp.com/advisory/ntap-20230427-0002/
- https://www.postgresql.org/support/security/CVE-2022-41862/
Products affected by CVE-2022-41862
-
cpe:2.3:a:postgresql:postgresql:12.0
-
cpe:2.3:a:postgresql:postgresql:12.1
-
cpe:2.3:a:postgresql:postgresql:12.10
-
cpe:2.3:a:postgresql:postgresql:12.11
-
cpe:2.3:a:postgresql:postgresql:12.12
-
cpe:2.3:a:postgresql:postgresql:12.13
-
cpe:2.3:a:postgresql:postgresql:12.2
-
cpe:2.3:a:postgresql:postgresql:12.3
-
cpe:2.3:a:postgresql:postgresql:12.4
-
cpe:2.3:a:postgresql:postgresql:12.5
-
cpe:2.3:a:postgresql:postgresql:12.6
-
cpe:2.3:a:postgresql:postgresql:12.7
-
cpe:2.3:a:postgresql:postgresql:12.8
-
cpe:2.3:a:postgresql:postgresql:12.9
-
cpe:2.3:a:postgresql:postgresql:13.0
-
cpe:2.3:a:postgresql:postgresql:13.1
-
cpe:2.3:a:postgresql:postgresql:13.2
-
cpe:2.3:a:postgresql:postgresql:13.3
-
cpe:2.3:a:postgresql:postgresql:13.4
-
cpe:2.3:a:postgresql:postgresql:13.5
-
cpe:2.3:a:postgresql:postgresql:13.6
-
cpe:2.3:a:postgresql:postgresql:13.7
-
cpe:2.3:a:postgresql:postgresql:13.8
-
cpe:2.3:a:postgresql:postgresql:13.9
-
cpe:2.3:a:postgresql:postgresql:14.0
-
cpe:2.3:a:postgresql:postgresql:14.1
-
cpe:2.3:a:postgresql:postgresql:14.2
-
cpe:2.3:a:postgresql:postgresql:14.3
-
cpe:2.3:a:postgresql:postgresql:14.4
-
cpe:2.3:a:postgresql:postgresql:14.5
-
cpe:2.3:a:postgresql:postgresql:14.6
-
cpe:2.3:a:postgresql:postgresql:15.0
-
cpe:2.3:a:postgresql:postgresql:15.1
-
cpe:2.3:a:redhat:integration_camel_k:-
-
cpe:2.3:a:redhat:integration_camel_quarkus:-
-
cpe:2.3:a:redhat:integration_service_registry:-
-
cpe:2.3:o:fedoraproject:fedora:8
-
cpe:2.3:o:redhat:enterprise_linux:8.0