CVE-2026-6575

MEDIUM4.3EPSS 0.03%

PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

發布日:2026/5/14修改日:2026/5/15

也稱為:ALPINE-CVE-2026-6575

描述

Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

受影響套件(3)

Alpine/postgresql18from 0, < 18.4-r0
Bitnami/postgresql>= 18.0.0, < 18.4.0
Debian/postgresql-18from 0, < 18.4-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2026-6575
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-6575
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-6575
WEBhttps://www.postgresql.org/support/security/CVE-2026-6575/