Vulnerability CVE-2022-41862: Information

Description

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Published: March 3, 2023
Modified: April 27, 2023

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| postgresql12 | sisyphus | 12.14-alt1 | 12.19-alt3 | ALT-PU-2023-1209-1 | 314842 | Fixed |
| postgresql12 | sisyphus_e2k | 12.14-alt1 | 12.19-alt3 | ALT-PU-2023-2505-1 | - | Fixed |
| postgresql12 | sisyphus_riscv64 | 12.15-alt0.1.rv64 | 12.18-alt1 | ALT-PU-2023-3933-1 | - | Fixed |
| postgresql12 | p10 | 12.14-alt1 | 12.19-alt0.p10.1 | ALT-PU-2023-1302-1 | 314938 | Fixed |
| postgresql12 | p10_e2k | 12.14-alt1 | 12.19-alt0.p10.1 | ALT-PU-2023-3595-1 | - | Fixed |
| postgresql12 | p9 | 12.14-alt0.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2023-1361-1 | 314856 | Fixed |
| postgresql12 | c10f1 | 12.14-alt1 | 12.19-alt0.p10.1 | ALT-PU-2023-1302-1 | 314938 | Fixed |
| postgresql12 | c9f2 | 12.16-alt0.M90P.1 | 12.18-alt0.c9f2.1 | ALT-PU-2023-6630-3 | 332751 | Fixed |
| postgresql12 | p11 | 12.14-alt1 | 12.19-alt3 | ALT-PU-2023-1209-1 | 314842 | Fixed |
| postgresql12-1C | p9 | 12.14-alt0.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2023-1362-1 | 314856 | Fixed |
| postgresql12-1C | c9f2 | 12.15-alt0.M90P.1 | 12.17-alt0.c9f2.2 | ALT-PU-2023-6629-3 | 332751 | Fixed |
| postgresql13 | sisyphus | 13.10-alt1 | 13.15-alt3 | ALT-PU-2023-1210-1 | 314842 | Fixed |
| postgresql13 | sisyphus_e2k | 13.10-alt1 | 13.15-alt3 | ALT-PU-2023-2506-1 | - | Fixed |
| postgresql13 | sisyphus_riscv64 | 13.11-alt0.1.rv64 | 13.14-alt1 | ALT-PU-2023-3932-1 | - | Fixed |
| postgresql13 | p10 | 13.10-alt1 | 13.15-alt0.p10.1 | ALT-PU-2023-1303-1 | 314938 | Fixed |
| postgresql13 | p10_e2k | 13.10-alt1 | 13.15-alt0.p10.1 | ALT-PU-2023-3596-1 | - | Fixed |
| postgresql13 | c10f1 | 13.10-alt1 | 13.15-alt0.p10.1 | ALT-PU-2023-1303-1 | 314938 | Fixed |
| postgresql13 | p11 | 13.10-alt1 | 13.15-alt3 | ALT-PU-2023-1210-1 | 314842 | Fixed |
| postgresql14 | sisyphus | 14.7-alt1 | 14.12-alt3 | ALT-PU-2023-1211-1 | 314842 | Fixed |
| postgresql14 | sisyphus_e2k | 14.7-alt1 | 14.12-alt3 | ALT-PU-2023-2507-1 | - | Fixed |
| postgresql14 | sisyphus_riscv64 | 14.8-alt0.1.rv64 | 14.11-alt1 | ALT-PU-2023-3931-1 | - | Fixed |
| postgresql14 | p10 | 14.7-alt1 | 14.12-alt0.p10.1 | ALT-PU-2023-1304-1 | 314938 | Fixed |
| postgresql14 | p10_e2k | 14.7-alt1 | 14.12-alt0.p10.1 | ALT-PU-2023-3597-1 | - | Fixed |
| postgresql14 | c10f1 | 14.7-alt1 | 14.12-alt0.p10.1 | ALT-PU-2023-1304-1 | 314938 | Fixed |
| postgresql14 | p11 | 14.7-alt1 | 14.12-alt3 | ALT-PU-2023-1211-1 | 314842 | Fixed |
| postgresql14-1C | p10_e2k | 14.7-alt2 | 14.7-alt2 | ALT-PU-2023-3598-1 | - | Fixed |
| postgresql15 | sisyphus | 15.2-alt1 | 15.7-alt3 | ALT-PU-2023-1208-1 | 314842 | Fixed |
| postgresql15 | sisyphus_e2k | 15.2-alt1 | 15.7-alt3 | ALT-PU-2023-2504-1 | - | Fixed |
| postgresql15 | sisyphus_riscv64 | 15.3-alt0.1.rv64 | 15.6-alt1 | ALT-PU-2023-3930-1 | - | Fixed |
| postgresql15 | p10 | 15.2-alt1 | 15.7-alt0.p10.1 | ALT-PU-2023-1301-1 | 314938 | Fixed |
| postgresql15 | c10f1 | 15.2-alt1 | 15.7-alt0.c10f1.1 | ALT-PU-2023-1301-1 | 314938 | Fixed |
| postgresql15 | p11 | 15.2-alt1 | 15.7-alt3 | ALT-PU-2023-1208-1 | 314842 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 15.0
      End excluding: 15.2

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 14.0
      End excluding: 14.7

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 13.0
      End excluding: 13.10

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 12.0
      End excluding: 12.14

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*