{"id":"BIT-postgresql-2026-6473","summary":"PostgreSQL server undersizes allocations, via integer wraparound","details":"Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.","aliases":["CVE-2026-6473"],"modified":"2026-07-07T02:00:04.609178720Z","published":"2026-05-18T05:52:58.988Z","database_specific":{"cpes":["cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6473"},{"type":"WEB","url":"https://www.postgresql.org/support/security/CVE-2026-6473/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:22878"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26181"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26203"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26204"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26524"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26525"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:26561"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:27718"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:27738"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:27741"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:27742"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:27743"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:28037"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:28143"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:28999"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:29212"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:29815"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:29904"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:29953"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:32983"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:32994"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:33441"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:33497"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:34043"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:34362"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:34363"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2026-6473"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6473.json"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2026:35880"}],"affected":[{"package":{"name":"postgresql","ecosystem":"Bitnami","purl":"pkg:bitnami/postgresql"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"14.23.0"},{"introduced":"15.0.0"},{"fixed":"15.18.0"},{"introduced":"16.0.0"},{"fixed":"16.14.0"},{"introduced":"17.0.0"},{"fixed":"17.10.0"},{"introduced":"18.0.0"},{"fixed":"18.4.0"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2026-6473.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.5"}