CVE-2022-41862
Summary
| CVE | CVE-2022-41862 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-03 16:15:00 UTC |
| Updated | 2023-04-27 15:15:00 UTC |
| Description | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 8 | All | All | All |
| Application | Postgresql | Postgresql | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Application | Redhat | Integration Camel K | - | All | All | All |
| Application | Redhat | Integration Camel Quarkus | - | All | All | All |
| Application | Redhat | Integration Service Registry | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2165722 – (CVE-2022-41862) CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server | MISC | bugzilla.redhat.com | |
| PostgreSQL: CVE-2022-41862: Client memory disclosure when connecting, with Kerberos, to modified server | MISC | www.postgresql.org | |
| CVE-2022-41862 PostgreSQL Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160532 Oracle Enterprise Linux Security Update for postgresql:13 (ELSA-2023-1576)
- 160543 Oracle Enterprise Linux Security Update for postgresql (ELSA-2023-1693)
- 160851 Oracle Enterprise Linux Security Update for postgresql:12 (ELSA-2023-4535)
- 161107 Oracle Enterprise Linux Security Update for libpq (ELSA-2023-6429)
- 161170 Oracle Enterprise Linux Security Update for libpq (ELSA-2023-7016)
- 181555 Debian Security Update for postgresql-11 (DLA 3316-1)
- 182200 Debian Security Update for postgresql-15 (CVE-2022-41862)
- 199205 Ubuntu Security Notification for PostgreSQL Vulnerability (USN-5906-1)
- 241320 Red Hat Update for postgresql:13 (RHSA-2023:1576)
- 241338 Red Hat Update for postgresql (RHSA-2023:1693)
- 241942 Red Hat Update for postgresql:12 (RHSA-2023:4535)
- 242379 Red Hat Update for libpq (RHSA-2023:6429)
- 242448 Red Hat Update for libpq (RHSA-2023:7016)
- 242527 Red Hat Update for postgresql (RHSA-2023:7545)
- 242534 Red Hat Update for postgresql:13 (RHSA-2023:7580)
- 242546 Red Hat Update for postgresql:12 (RHSA-2023:7666)
- 242547 Red Hat Update for postgresql:12 (RHSA-2023:7667)
- 242550 Red Hat Update for postgresql:13 (RHSA-2023:7695)
- 242552 Red Hat Update for postgresql:12 (RHSA-2023:7694)
- 242592 Red Hat Update for rh-postgresql13-postgresql (RHSA-2023:7772)
- 356172 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL13-2023-001
- 356278 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL12-2023-001
- 356297 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL14-2023-001
- 356475 Amazon Linux Security Advisory for postgresql : ALAS2POSTGRESQL13-2023-001
- 357332 Amazon Linux Security Advisory for libpq : ALAS2POSTGRESQL14-2024-010
- 357338 Amazon Linux Security Advisory for libpq : ALAS2POSTGRESQL12-2024-010
- 378413 Alibaba Cloud Linux Security Update for postgresql:13 (ALINUX3-SA-2023:0036)
- 502656 Alpine Linux Security Update for postgresql
- 502657 Alpine Linux Security Update for postgresql13
- 502658 Alpine Linux Security Update for postgresql14
- 502781 Alpine Linux Security Update for postgresql15
- 502915 Alpine Linux Security Update for postgresql12
- 503001 Alpine Linux Security Update for postgresql
- 503005 Alpine Linux Security Update for postgresql12
- 504313 Alpine Linux Security Update for postgresql14
- 505794 Alpine Linux Security Update for postgresql12
- 691056 Free Berkeley Software Distribution (FreeBSD) Security Update for postgresql server (7a8b6170-a889-11ed-bbae-6cc21735f730)
- 753677 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2023:0391-1)
- 753678 SUSE Enterprise Linux Security Update for postgresql14 (SUSE-SU-2023:0392-1)
- 753680 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:0390-1)
- 753681 SUSE Enterprise Linux Security Update for postgresql15 (SUSE-SU-2023:0393-1)
- 753718 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:0450-1)
- 753732 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:0479-1)
- 753735 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2023:0583-1)
- 753767 SUSE Enterprise Linux Security Update for postgresql14 (SUSE-SU-2023:0705-1)
- 753790 SUSE Enterprise Linux Security Update for postgresql15 (SUSE-SU-2023:0569-1)
- 754206 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:0479-1)
- 905676 Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (13758)
- 905695 Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (13777)
- 940968 AlmaLinux Security Update for postgresql:13 (ALSA-2023:1576)
- 940988 AlmaLinux Security Update for postgresql (ALSA-2023:1693)
- 941224 AlmaLinux Security Update for postgresql:12 (ALSA-2023:4535)
- 941380 AlmaLinux Security Update for libpq (ALSA-2023:6429)
- 941439 AlmaLinux Security Update for libpq (ALSA-2023:7016)
- 960905 Rocky Linux Security Update for postgresql:13 (RLSA-2023:1576)
- 961028 Rocky Linux Security Update for postgresql:12 (RLSA-2023:4535)