CVE-2026-2005 — Heap-based Buffer Overflow in Postgresql

CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow16 documents9 sources

Severity

8.8HIGHNVD

OSV4.3

EPSS

0.0%

top 92.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Debian Postgresql-13 Debian Postgresql-15 +3 more

Timeline

PublishedFeb 12

Latest updateMar 4

Description

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/postgresql-13< postgresql-13 13.23-0+deb11u2 (bullseye)

▶debiandebian/postgresql-15< postgresql-13 13.23-0+deb11u2 (bullseye)

▶debiandebian/postgresql-17< postgresql-13 13.23-0+deb11u2 (bullseye)

▶debiandebian/postgresql-18< postgresql-13 13.23-0+deb11u2 (bullseye)

▶CVEListV5postgresql/postgresql18 — 18.2+4

🔴Vulnerability Details

OSV

postgresql-14, postgresql-16, postgresql-17 vulnerabilities↗2026-03-04

▶

OSV

CVE-2026-2005: Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database↗2026-02-12

▶

CVEList

PostgreSQL pgcrypto heap buffer overflow executes arbitrary code↗2026-02-12

▶

GHSA

GHSA-hgmp-6hmc-prfc: Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

PostgreSQL vulnerabilities↗2026-03-04

▶

Red Hat

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code↗2026-02-12

▶

Debian

CVE-2026-2005: postgresql-13 - Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to exec...↗2026

▶

Apache

Apache httpd: CVE-2005-3357↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2004 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3172 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2003 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2005 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2006 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶