Jackc: >> Pgproto3 >> 2.3.3 Security Vulnerabilities
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-03-26