{"id":"AZL-70202","summary":"CVE-2025-12818 affecting package postgresql for versions less than 14.20-1","details":"Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes.  This results in a segmentation fault for the application using libpq.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.","modified":"2026-04-21T04:36:21.310433Z","published":"2025-11-13T13:15:45Z","upstream":["CVE-2025-12818"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12818"}],"affected":[{"package":{"name":"postgresql","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/postgresql"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.20-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70202.json"}}],"schema_version":"1.7.5"}