{"id":"CVE-2022-41862","details":"In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. Under certain conditions, such a server can cause a libpq client to over-read and report an error message containing uninitialized bytes from the client's memory.","aliases":["BIT-postgresql-2022-41862"],"modified":"2026-03-23T05:03:31.559520762Z","published":"2023-03-03T16:15:09.497Z","related":["ALSA-2023:1576","ALSA-2023:1693","ALSA-2023:4535","ALSA-2023:6429","ALSA-2023:7016","CGA-53xx-rmwc-6rp9","MGASA-2023-0064","SUSE-SU-2023:0390-1","SUSE-SU-2023:0391-1","SUSE-SU-2023:0392-1","SUSE-SU-2023:0393-1","SUSE-SU-2023:0450-1","SUSE-SU-2023:0479-1","SUSE-SU-2023:0569-1","SUSE-SU-2023:0583-1","SUSE-SU-2023:0705-1","openSUSE-SU-2024:12677-1","openSUSE-SU-2024:12678-1","openSUSE-SU-2024:12679-1","openSUSE-SU-2024:12680-1","openSUSE-SU-2024:14360-1","openSUSE-SU-2025:15580-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230427-0002/"},{"type":"ADVISORY","url":"https://www.postgresql.org/support/security/CVE-2022-41862/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2165722"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"12.0"},{"fixed":"12.14"}]},{"events":[{"introduced":"13.0"},{"fixed":"13.10"}]},{"events":[{"introduced":"14.0"},{"fixed":"14.7"}]},{"events":[{"introduced":"15.0"},{"fixed":"15.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41862.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}