发布于3月6日3月6日 Members PostgreSQL: CVE-2022-41862: Client memory disclosure when connecting, with Kerberos, to modified server Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 02/10/2023 Created 02/11/2023 Added 02/10/2023 Modified 01/28/2025 Description In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Solution(s) postgres-upgrade-13_10 postgres-upgrade-14_7 postgres-upgrade-15_2 References https://attackerkb.com/topics/cve-2022-41862 CVE - 2022-41862
