CVE-2026-4427 — Improper Validation of Array Index in Jackc Pgproto3 V2
Severity: 7.5 HIGH (OSV), no vector
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 19
Description
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references.
## Original Description
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a …
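The missing check can be shown with a minimal DataRow body parser that rejects every negative field length other than the NULL marker -1. This is an added example, not code from pgproto3 or from the advisory; `decodeDataRow`, `ErrMalformedDataRow` and the sample byte strings are hypothetical names and constructed inputs.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrMalformedDataRow = errors.New("malformed DataRow body")

// decodeDataRow parses a DataRow body (the bytes after the type byte and
// message length): Int16 column count, then per column an Int32 length and
// that many bytes, with -1 meaning NULL. Hypothetical helper, not pgproto3's API.
func decodeDataRow(body []byte) ([][]byte, error) {
	if len(body) < 2 {
		return nil, ErrMalformedDataRow
	}
	n := int(binary.BigEndian.Uint16(body))
	rp := 2
	values := make([][]byte, 0, n)
	for i := 0; i < n; i++ {
		if len(body)-rp < 4 {
			return nil, ErrMalformedDataRow
		}
		l := int(int32(binary.BigEndian.Uint32(body[rp:]))) // signed on the wire
		rp += 4
		switch {
		case l == -1:
			values = append(values, nil) // SQL NULL
		case l < -1 || l > len(body)-rp:
			// With only the upper-bound test, l = -2 would reach body[rp:rp+l]
			// and panic with "slice bounds out of range".
			return nil, ErrMalformedDataRow
		default:
			values = append(values, body[rp:rp+l:rp+l])
			rp += l
		}
	}
	return values, nil
}

// Constructed sample bodies, not captured traffic.
var okRow = []byte{0, 2, 0, 0, 0, 2, 'h', 'i', 0xff, 0xff, 0xff, 0xff} // "hi", NULL
var badRow = []byte{0, 1, 0xff, 0xff, 0xff, 0xfe}                      // one column, length -2

func main() {
	fmt.Println(decodeDataRow(okRow))
	fmt.Println(decodeDataRow(badRow))
}
```

A client that returns an error here can close the connection cleanly instead of crashing the process on a malformed server response.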
Affected Packages: 1 package
Bugzilla: CVE-2026-4427 github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (2026-03-18)