pkg:Debian/postgresql-13

All known vulnerabilities

• HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection
  from 0
• HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
  from 0
• HIGH8.8CVE-2026-6475PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
  from 0
• HIGH8.8PostgreSQL server undersizes allocations, via integer wraparound
  from 0
• HIGH8.8PostgreSQL missing validation of multibyte character length executes arbitrary code
  from 0, < 13.23-0+deb11u2
• HIGH8.8PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
  from 0, < 13.23-0+deb11u2
• HIGH8.8PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
  from 0, < 13.23-0+deb11u2
• HIGH8.8PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server
  from 0, < 13.22-0+deb11u1
• HIGH8.8PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
  from 0, < 13.22-0+deb11u1
• HIGH8.8PostgreSQL PL/Perl environment variable changes execute arbitrary code
  from 0, < 13.17-0+deb11u1
• HIGH8.8Postgresql: buffer overrun from integer overflow in array modification
  from 0, < 13.13-0+deb11u1
• HIGH8.8postgresql-13 - security update
  from 0, < 13.13-0+deb11u1
• HIGH8.8postgresql-13 - security update
  from 0, < 13.13-0+deb11u1
• HIGH8.8postgresql-13 - security update
  from 0, < 13.7-0+deb11u1
• HIGH8.8postgresql-13 - security update
  from 0, < 13.7-0+deb11u1
• HIGH8.8postgresql-11 - security update
  from 0, < 13.3-1
• HIGH8.8A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
  from 0, < 13.1-1
• HIGH8.1postgresql-13 - regression update
  from 0, < 13.20-0+deb11u1
• HIGH8.1postgresql-13 - regression update
  from 0, < 13.19-0+deb11u1
• HIGH8.1postgresql-13 - regression update
  from 0, < 13.20-0+deb11u1
• HIGH8.1postgresql-13 - security update
  from 0, < 13.5-0+deb11u1
• HIGH8.1postgresql-13 - security update
  from 0, < 13.5-0+deb11u1
• HIGH8.1postgresql-9.6 - security update
  from 0, < 13.1-1
• HIGH8.0postgresql-15 - security update
  from 0, < 13.14-0+deb11u1
• HIGH8.0postgresql-15 - security update
  from 0, < 13.14-0+deb11u1
• HIGH8.0postgresql-11 - security update
  from 0, < 13.8-0+deb11u1
• HIGH7.5PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
  from 0
• HIGH7.5postgresql-13 - security update
  from 0, < 13.16-0+deb11u1
• HIGH7.5postgresql-13 - security update
  from 0, < 13.16-0+deb11u1
• HIGH7.5A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.…
  from 0, < 13.1-1
• HIGH7.2postgresql-13 - security update
  from 0, < 13.11-0+deb11u1
• HIGH7.2postgresql-13 - security update
  from 0, < 13.11-0+deb11u1
• MEDIUM6.5PostgreSQL discloses MD5-hashed passwords via covert timing channel
  from 0
• MEDIUM6.5A flaw was found in postgresql.
  from 0, < 13.4-0+deb11u1
• MEDIUM6.5A flaw was found in postgresql.
  from 0, < 13.3-1
• MEDIUM6.5A flaw was found in postgresql.
  from 0, < 13.3-1
• MEDIUM5.9PostgreSQL libpq undersizes allocations, via integer wraparound
  from 0, < 13.23-0+deb11u1
• MEDIUM5.9postgresql-13 - security update
  from 0, < 13.21-0+deb11u1
• MEDIUM5.9postgresql-13 - security update
  from 0, < 13.21-0+deb11u1
• MEDIUM5.9A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification…
  from 0, < 13.5-0+deb11u1
• MEDIUM5.4PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
  from 0
• MEDIUM5.4postgresql-15 - security update
  from 0, < 13.17-0+deb11u1
• MEDIUM5.4postgresql-15 - security update
  from 0, < 13.17-0+deb11u1
• MEDIUM5.4Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases w…
  from 0, < 13.11-0+deb11u1
• MEDIUM4.4Postgresql: role pg_signal_backend can signal certain superuser processes.
  from 0, < 13.13-0+deb11u1
• MEDIUM4.3PostgreSQL timeofday() can disclose portions of server memory
  from 0
• MEDIUM4.3postgresql-17 - security update
  from 0, < 13.23-0+deb11u2
• MEDIUM4.3postgresql-11 - security update
  from 0, < 13.13-0+deb11u1
• MEDIUM4.3An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11.
  from 0, < 13.2-1
• MEDIUM4.3A flaw was found in PostgreSQL in versions before 13.2.
  from 0, < 13.2-1
• MEDIUM4.2PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
  from 0, < 13.17-0+deb11u1
• LOW3.7PostgreSQL libpq retains an error message from man-in-the-middle
  from 0, < 13.17-0+deb11u1
• LOW3.7In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption.
  from 0, < 13.10-0+deb11u1
• LOW3.1postgresql-13 - security update
  from 0, < 13.23-0+deb11u1
• LOW3.1postgresql-13 - security update
  from 0, < 13.23-0+deb11u1
• LOW3.1postgresql-13 - security update
  from 0, < 13.22-0+deb11u1
• LOW3.1postgresql-13 - security update
  from 0, < 13.22-0+deb11u1