{"id":"BIT-postgresql-2025-12818","summary":"PostgreSQL libpq undersizes allocations, via integer wraparound","details":"Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes.  This results in a segmentation fault for the application using libpq.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.","aliases":["CVE-2025-12818"],"modified":"2025-11-21T09:27:44.222098Z","published":"2025-11-21T08:47:38.070Z","database_specific":{"severity":"Medium","cpes":["cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12818"},{"type":"WEB","url":"https://www.postgresql.org/support/security/CVE-2025-12818/"}],"affected":[{"package":{"name":"postgresql","ecosystem":"Bitnami","purl":"pkg:bitnami/postgresql"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"13.23.0"},{"introduced":"14.0.0"},{"fixed":"14.20.0"},{"introduced":"15.0.0"},{"fixed":"15.15.0"},{"introduced":"16.0.0"},{"fixed":"16.11.0"},{"introduced":"17.0.0"},{"fixed":"17.7.0"},{"introduced":"18.0.0"},{"fixed":"18.1.0"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2025-12818.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}