CVE-2025-12818

NameCVE-2025-12818
DescriptionAvoid integer overflow in allocation-size calculations within libpq
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
postgresql-13 (PTS)bullseye13.16-0+deb11u1vulnerable
bullseye (security)13.22-0+deb11u1vulnerable
postgresql-15 (PTS)bookworm15.14-0+deb12u1vulnerable
bookworm (security)15.10-0+deb12u1vulnerable
postgresql-17 (PTS)trixie17.6-0+deb13u1vulnerable
sid17.6-1vulnerable
postgresql-18 (PTS)forky, sid18.0-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-13source(unstable)(unfixed)
postgresql-15source(unstable)(unfixed)
postgresql-17source(unstable)(unfixed)
postgresql-18source(unstable)18.1-1

Notes

https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=600086f471a3bb57ff4953accf1d3f8d2efe0201 (master)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7eb8fcad860e9a0548191dab7a87a5bead5f8e91 (REL_18_1)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f5999f01815969dfe8df33bac9c0f1aa38dd6cd5 (REL_17_7)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef (REL_15_15)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a (REL_13_23)
Search for package or bug name: Reporting problems