Vulnerability-Lookup

SUSE-SU-2026:0585-1

Vulnerability from csaf_suse - Published: 2026-02-20 10:03 - Updated: 2026-02-20 10:03

Summary

Security update for postgresql18

Notes

Title of the patch

Security update for postgresql18

Description of the patch

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2026-2007: pg_trgm heap buffer overflow can cause to write pattern onto server memory (bsc#1258012).

Patchnames

SUSE-2026-585,SUSE-SLE-SERVER-12-SP5-LTSS-2026-585,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-585

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for postgresql18",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for postgresql18 fixes the following issues:\n\nUpdate to version 18.2.\n\nSecurity issues fixed:\n\n- CVE-2026-2003: improper validation of type \u0027oidvector\u0027 may allow disclose a few bytes of server memory (bsc#1258008).\n- CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code\n  execution (bsc#1258009).\n- CVE-2026-2005: buffer overrun in contrib/pgcrypto\u0027s PGP decryption functions could lead to arbitrary code execution\n  (bsc#1258010).\n- CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution\n  (bsc#1258011).\n- CVE-2026-2007: pg_trgm heap buffer overflow can cause to write pattern onto server memory (bsc#1258012).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-585,SUSE-SLE-SERVER-12-SP5-LTSS-2026-585,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-585",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0585-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0585-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260585-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0585-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024361.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258008",
        "url": "https://bugzilla.suse.com/1258008"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258009",
        "url": "https://bugzilla.suse.com/1258009"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258010",
        "url": "https://bugzilla.suse.com/1258010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258011",
        "url": "https://bugzilla.suse.com/1258011"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258012",
        "url": "https://bugzilla.suse.com/1258012"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-2003 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-2003/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-2004 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-2004/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-2005 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-2005/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-2006 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-2006/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-2007 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-2007/"
      }
    ],
    "title": "Security update for postgresql18",
    "tracking": {
      "current_release_date": "2026-02-20T10:03:34Z",
      "generator": {
        "date": "2026-02-20T10:03:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0585-1",
      "initial_release_date": "2026-02-20T10:03:34Z",
      "revision_history": [
        {
          "date": "2026-02-20T10:03:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.aarch64",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.aarch64",
                  "product_id": "libecpg6-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.aarch64",
                "product": {
                  "name": "libpq5-18.2-8.6.1.aarch64",
                  "product_id": "libpq5-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-devel-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-server-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.aarch64",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.aarch64",
                  "product_id": "postgresql18-test-18.2-8.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-64bit-18.2-8.6.1.aarch64_ilp32",
                "product": {
                  "name": "libecpg6-64bit-18.2-8.6.1.aarch64_ilp32",
                  "product_id": "libecpg6-64bit-18.2-8.6.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-64bit-18.2-8.6.1.aarch64_ilp32",
                "product": {
                  "name": "libpq5-64bit-18.2-8.6.1.aarch64_ilp32",
                  "product_id": "libpq5-64bit-18.2-8.6.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.i586",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.i586",
                  "product_id": "libecpg6-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.i586",
                "product": {
                  "name": "libpq5-18.2-8.6.1.i586",
                  "product_id": "libpq5-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.i586",
                  "product_id": "postgresql18-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.i586",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.i586",
                  "product_id": "postgresql18-devel-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.i586",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.i586",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.i586",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.i586",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.i586",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.i586",
                  "product_id": "postgresql18-server-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.i586",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.i586",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.i586",
                  "product_id": "postgresql18-test-18.2-8.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql18-docs-18.2-8.6.1.noarch",
                "product": {
                  "name": "postgresql18-docs-18.2-8.6.1.noarch",
                  "product_id": "postgresql18-docs-18.2-8.6.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.ppc64le",
                  "product_id": "libecpg6-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "libpq5-18.2-8.6.1.ppc64le",
                  "product_id": "libpq5-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-devel-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-server-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.ppc64le",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.ppc64le",
                  "product_id": "postgresql18-test-18.2-8.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.s390",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.s390",
                  "product_id": "libecpg6-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.s390",
                "product": {
                  "name": "libpq5-18.2-8.6.1.s390",
                  "product_id": "libpq5-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.s390",
                  "product_id": "postgresql18-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.s390",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.s390",
                  "product_id": "postgresql18-devel-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.s390",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.s390",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.s390",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.s390",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.s390",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.s390",
                  "product_id": "postgresql18-server-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.s390",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.s390",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.s390",
                  "product_id": "postgresql18-test-18.2-8.6.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.s390x",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.s390x",
                  "product_id": "libecpg6-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libecpg6-32bit-18.2-8.6.1.s390x",
                "product": {
                  "name": "libecpg6-32bit-18.2-8.6.1.s390x",
                  "product_id": "libecpg6-32bit-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.s390x",
                "product": {
                  "name": "libpq5-18.2-8.6.1.s390x",
                  "product_id": "libpq5-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-32bit-18.2-8.6.1.s390x",
                "product": {
                  "name": "libpq5-32bit-18.2-8.6.1.s390x",
                  "product_id": "libpq5-32bit-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-devel-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-server-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.s390x",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.s390x",
                  "product_id": "postgresql18-test-18.2-8.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libecpg6-18.2-8.6.1.x86_64",
                "product": {
                  "name": "libecpg6-18.2-8.6.1.x86_64",
                  "product_id": "libecpg6-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libecpg6-32bit-18.2-8.6.1.x86_64",
                "product": {
                  "name": "libecpg6-32bit-18.2-8.6.1.x86_64",
                  "product_id": "libecpg6-32bit-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-18.2-8.6.1.x86_64",
                "product": {
                  "name": "libpq5-18.2-8.6.1.x86_64",
                  "product_id": "libpq5-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-32bit-18.2-8.6.1.x86_64",
                "product": {
                  "name": "libpq5-32bit-18.2-8.6.1.x86_64",
                  "product_id": "libpq5-32bit-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-contrib-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-contrib-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-contrib-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-devel-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-devel-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-devel-mini-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-devel-mini-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-devel-mini-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-llvmjit-devel-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-llvmjit-devel-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-llvmjit-devel-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plperl-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-plperl-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-plperl-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-plpython-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-plpython-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-plpython-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-pltcl-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-pltcl-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-pltcl-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-server-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-server-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-server-devel-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-server-devel-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-server-devel-18.2-8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "postgresql18-test-18.2-8.6.1.x86_64",
                "product": {
                  "name": "postgresql18-test-18.2-8.6.1.x86_64",
                  "product_id": "postgresql18-test-18.2-8.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-18.2-8.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64"
        },
        "product_reference": "libecpg6-18.2-8.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-18.2-8.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le"
        },
        "product_reference": "libecpg6-18.2-8.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-18.2-8.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x"
        },
        "product_reference": "libecpg6-18.2-8.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64"
        },
        "product_reference": "libecpg6-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-32bit-18.2-8.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x"
        },
        "product_reference": "libecpg6-32bit-18.2-8.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-32bit-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64"
        },
        "product_reference": "libecpg6-32bit-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-18.2-8.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64"
        },
        "product_reference": "libpq5-18.2-8.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-18.2-8.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le"
        },
        "product_reference": "libpq5-18.2-8.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-18.2-8.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x"
        },
        "product_reference": "libpq5-18.2-8.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64"
        },
        "product_reference": "libpq5-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-32bit-18.2-8.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x"
        },
        "product_reference": "libpq5-32bit-18.2-8.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-32bit-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64"
        },
        "product_reference": "libpq5-32bit-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64"
        },
        "product_reference": "libecpg6-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-32bit-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64"
        },
        "product_reference": "libecpg6-32bit-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64"
        },
        "product_reference": "libpq5-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-32bit-18.2-8.6.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        },
        "product_reference": "libpq5-32bit-18.2-8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-2003",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-2003"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-2003",
          "url": "https://www.suse.com/security/cve/CVE-2026-2003"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258008 for CVE-2026-2003",
          "url": "https://bugzilla.suse.com/1258008"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-20T10:03:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-2003"
    },
    {
      "cve": "CVE-2026-2004",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-2004"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-2004",
          "url": "https://www.suse.com/security/cve/CVE-2026-2004"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258009 for CVE-2026-2004",
          "url": "https://bugzilla.suse.com/1258009"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-20T10:03:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-2004"
    },
    {
      "cve": "CVE-2026-2005",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-2005"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-2005",
          "url": "https://www.suse.com/security/cve/CVE-2026-2005"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258010 for CVE-2026-2005",
          "url": "https://bugzilla.suse.com/1258010"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-20T10:03:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-2005"
    },
    {
      "cve": "CVE-2026-2006",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-2006"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.  That suffices to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-2006",
          "url": "https://www.suse.com/security/cve/CVE-2026-2006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258011 for CVE-2026-2006",
          "url": "https://bugzilla.suse.com/1258011"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-20T10:03:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-2006"
    },
    {
      "cve": "CVE-2026-2007",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-2007"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.  The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation.  PostgreSQL 18.1 and 18.0 are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-2007",
          "url": "https://www.suse.com/security/cve/CVE-2026-2007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258012 for CVE-2026-2007",
          "url": "https://bugzilla.suse.com/1258012"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libecpg6-32bit-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-18.2-8.6.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpq5-32bit-18.2-8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-20T10:03:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-2007"
    }
  ]
}

CVE-2026-2006 (GCVE-0-2026-2006)

Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-13 04:56

Title

PostgreSQL missing validation of multibyte character length executes arbitrary code

Summary

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Assigner

PostgreSQL

References

URL

Tags

https://www.postgresql.org/support/security/CVE-2…

Impacted products

	Vendor	Product	Version
	n/a	PostgreSQL	Affected: 18 , < 18.2 (rpm) Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm)

Credits

The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T04:56:31.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "18.2",
              "status": "affected",
              "version": "18",
              "versionType": "rpm"
            },
            {
              "lessThan": "17.8",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.12",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.16",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.  That suffices to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T13:00:10.490Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2026-2006/"
        }
      ],
      "title": "PostgreSQL missing validation of multibyte character length executes arbitrary code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2026-2006",
    "datePublished": "2026-02-12T13:00:10.490Z",
    "dateReserved": "2026-02-05T18:17:56.273Z",
    "dateUpdated": "2026-02-13T04:56:31.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2007 (GCVE-0-2026-2007)

Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-12 14:18

Title

PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Summary

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

PostgreSQL

References

URL

Tags

https://www.postgresql.org/support/security/CVE-2…

Impacted products

	Vendor	Product	Version
	n/a	PostgreSQL	Affected: 18 , < 18.2 (rpm)

Credits

The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T14:18:10.396498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T14:18:19.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "18.2",
              "status": "affected",
              "version": "18",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "attacker has permission to install pg_trgm in a database with certain locales or pass text to an existing installation"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Heikki Linnakangas for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.  The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation.  PostgreSQL 18.1 and 18.0 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T13:00:11.127Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2026-2007/"
        }
      ],
      "title": "PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2026-2007",
    "datePublished": "2026-02-12T13:00:11.127Z",
    "dateReserved": "2026-02-05T18:17:56.928Z",
    "dateUpdated": "2026-02-12T14:18:19.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2005 (GCVE-0-2026-2005)

Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-13 04:56

Title

PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Summary

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

PostgreSQL

References

URL

Tags

https://www.postgresql.org/support/security/CVE-2…

Impacted products

	Vendor	Product	Version
	n/a	PostgreSQL	Affected: 18 , < 18.2 (rpm) Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm)

Credits

The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T04:56:32.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "18.2",
              "status": "affected",
              "version": "18",
              "versionType": "rpm"
            },
            {
              "lessThan": "17.8",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.12",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.16",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T13:00:09.784Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2026-2005/"
        }
      ],
      "title": "PostgreSQL pgcrypto heap buffer overflow executes arbitrary code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2026-2005",
    "datePublished": "2026-02-12T13:00:09.784Z",
    "dateReserved": "2026-02-05T18:17:55.613Z",
    "dateUpdated": "2026-02-13T04:56:32.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2003 (GCVE-0-2026-2003)

Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-12 14:33

Title

PostgreSQL oidvector discloses a few bytes of memory

Summary

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-1287 - Improper Validation of Specified Type of Input

Assigner

PostgreSQL

References

URL

Tags

https://www.postgresql.org/support/security/CVE-2…

Impacted products

	Vendor	Product	Version
	n/a	PostgreSQL	Affected: 18 , < 18.2 (rpm) Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm)

Credits

The PostgreSQL project thanks Altan Birler for reporting this problem.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T14:33:29.418479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T14:33:37.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "18.2",
              "status": "affected",
              "version": "18",
              "versionType": "rpm"
            },
            {
              "lessThan": "17.8",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.12",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.16",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Altan Birler for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory.  We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T13:00:06.108Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2026-2003/"
        }
      ],
      "title": "PostgreSQL oidvector discloses a few bytes of memory"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2026-2003",
    "datePublished": "2026-02-12T13:00:06.108Z",
    "dateReserved": "2026-02-05T18:17:54.018Z",
    "dateUpdated": "2026-02-12T14:33:37.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2004 (GCVE-0-2026-2004)

Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-13 04:56

Title

PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

Summary

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-1287 - Improper Validation of Specified Type of Input

Assigner

PostgreSQL

References

URL

Tags

https://www.postgresql.org/support/security/CVE-2…

Impacted products

	Vendor	Product	Version
	n/a	PostgreSQL	Affected: 18 , < 18.2 (rpm) Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm)

Credits

The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T04:56:32.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "18.2",
              "status": "affected",
              "version": "18",
              "versionType": "rpm"
            },
            {
              "lessThan": "17.8",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.12",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.16",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Attacker has permission to install a vulnerable extension, e.g. intarray.  Alternatively, a vulnerable extension is already installed, and the attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T13:00:08.857Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2026-2004/"
        }
      ],
      "title": "PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2026-2004",
    "datePublished": "2026-02-12T13:00:08.857Z",
    "dateReserved": "2026-02-05T18:17:54.681Z",
    "dateUpdated": "2026-02-13T04:56:32.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0585-1

CVE-2026-2006 (GCVE-0-2026-2006)

CVE-2026-2007 (GCVE-0-2026-2007)

CVE-2026-2005 (GCVE-0-2026-2005)

CVE-2026-2003 (GCVE-0-2026-2003)

CVE-2026-2004 (GCVE-0-2026-2004)

Tags

Sightings

Nomenclature