pkg:Debian/postgresql-18

All known vulnerabilities

• HIGH8.8CVE-2026-6638PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
  from 0, < 18.4-1
• HIGH8.8CVE-2026-6637PostgreSQL refint allows stack buffer overflow and SQL injection
  from 0, < 18.4-1
• HIGH8.8CVE-2026-6477PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
  from 0, < 18.4-1
• HIGH8.8PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
  from 0, < 18.4-1
• HIGH8.8PostgreSQL server undersizes allocations, via integer wraparound
  from 0, < 18.4-1
• HIGH8.8PostgreSQL missing validation of multibyte character length executes arbitrary code
  from 0, < 18.2-1
• HIGH8.8PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
  from 0, < 18.2-1
• HIGH8.8PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
  from 0, < 18.2-1
• HIGH8.2PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
  from 0, < 18.2-1
• HIGH7.5PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
  from 0, < 18.4-1
• HIGH7.2PostgreSQL pg_createsubscriber allows SQL injection via subscription name
  from 0, < 18.4-1
• MEDIUM6.5PostgreSQL discloses MD5-hashed passwords via covert timing channel
  from 0, < 18.4-1
• MEDIUM5.9PostgreSQL libpq undersizes allocations, via integer wraparound
  from 0, < 18.1-1
• MEDIUM5.4PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
  from 0, < 18.4-1
• MEDIUM4.3PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array
  from 0, < 18.4-1
• MEDIUM4.3PostgreSQL timeofday() can disclose portions of server memory
  from 0, < 18.4-1
• MEDIUM4.3postgresql-17 - security update
  from 0, < 18.2-1
• LOW3.1postgresql-13 - security update
  from 0, < 18.1-1