CVE-2025-4207 - Vulnerability Details

CVE-2025-4207 - PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/05/09/3
https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html
https://nvd.nist.gov/vuln/detail/CVE-2025-4207
https://www.cve.org/CVERecord?id=CVE-2025-4207
https://www.postgresql.org/support/security/CVE-2025-4207/

History

Sat, 10 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.cve.org/CVERecord?id=CVE-2025-4207
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 09 May 2025 18:45:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/05/09/3

Fri, 09 May 2025 17:45:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html

Thu, 08 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 08 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Title		PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
Weaknesses		CWE-126
References		https://www.postgresql.org/support/security/CVE-2025-4207/
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2025-05-08T14:22:45.543Z

Updated: 2025-05-09T18:03:35.540Z

Reserved: 2025-05-02T00:03:22.439Z

Link: CVE-2025-4207

Vulnrichment

Updated: 2025-05-09T18:03:35.540Z

NVD

Status : Awaiting Analysis

Published: 2025-05-08T15:15:48.577

Modified: 2025-05-12T17:32:52.810

Link: CVE-2025-4207

Redhat

Severity : Moderate

Publid Date: 2025-05-08T14:22:45Z

Links: CVE-2025-4207 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4207", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2025-05-02T00:03:22.439Z", "datePublished": "2025-05-08T14:22:45.543Z", "dateUpdated": "2025-05-09T18:03:35.540Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-05-08T14:22:45.543Z"}, "title": "PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation", "descriptions": [{"lang": "en", "value": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected."}], "affected": [{"defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [{"lessThan": "17.5", "status": "affected", "version": "17", "versionType": "rpm"}, {"lessThan": "16.9", "status": "affected", "version": "16", "versionType": "rpm"}, {"lessThan": "15.13", "status": "affected", "version": "15", "versionType": "rpm"}, {"lessThan": "14.18", "status": "affected", "version": "14", "versionType": "rpm"}, {"lessThan": "13.21", "status": "affected", "version": "0", "versionType": "rpm"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-126", "type": "CWE", "description": "Buffer Over-read"}]}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2025-4207/"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T14:52:17.907978Z", "id": "CVE-2025-4207", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T14:56:08.741Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/05/09/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-09T18:03:35.540Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/05/09/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-09T18:03:35.540Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T14:52:17.907978Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T14:53:27.589Z"}}], "cna": {"title": "PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "n/a", "product": "PostgreSQL", "versions": [{"status": "affected", "version": "17", "lessThan": "17.5", "versionType": "rpm"}, {"status": "affected", "version": "16", "lessThan": "16.9", "versionType": "rpm"}, {"status": "affected", "version": "15", "lessThan": "15.13", "versionType": "rpm"}, {"status": "affected", "version": "14", "lessThan": "14.18", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "13.21", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2025-4207/"}], "descriptions": [{"lang": "en", "value": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "Buffer Over-read"}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2025-05-08T14:22:45.543Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4207", "state": "PUBLISHED", "dateUpdated": "2025-05-09T18:03:35.540Z", "dateReserved": "2025-05-02T00:03:22.439Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2025-05-08T14:22:45.543Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected."}, {"lang": "es", "value": "La sobrelectura del b\u00fafer en la validaci\u00f3n de codificaci\u00f3n GB18030 de PostgreSQL permite que un proveedor de entrada de base de datos realice una denegaci\u00f3n de servicio temporal en plataformas donde una sobrelectura de 1 byte puede provocar la finalizaci\u00f3n del proceso. Esto afecta al servidor de base de datos y tambi\u00e9n a libpq. Las versiones anteriores a PostgreSQL 17.5, 16.9, 15.13, 14.18 y 13.21 se ven afectadas."}], "id": "CVE-2025-4207", "lastModified": "2025-05-12T17:32:52.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}, "published": "2025-05-08T15:15:48.577", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://www.postgresql.org/support/security/CVE-2025-4207/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/05/09/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}

{"bugzilla": {"description": "postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation", "id": "2365111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365111"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-126", "details": ["Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination."], "name": "CVE-2025-4207", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "postgresql16", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "postgresql:12/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "postgresql:13/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-08T14:22:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4207\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4207\nhttps://www.postgresql.org/support/security/CVE-2025-4207/"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object