CVE-2026-4427

Published: Mar 19, 2026 Last Modified: Mar 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

129

Improper Validation of Array Index

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Modify Memory Read Memory Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Not Language-Specific
Likelihood of Exploit: High
View CWE Details
https://access.redhat.com/security/cve/CVE-2026-4427
https://access.redhat.com/security/cve/CVE-2026-4427
https://bugzilla.redhat.com/show_bug.cgi?id=2448626
https://bugzilla.redhat.com/show_bug.cgi?id=2448626
https://github.com/golang/vulndb/issues/4518
https://github.com/golang/vulndb/issues/4518
https://github.com/jackc/pgproto3
https://github.com/jackc/pgproto3
https://github.com/jackc/pgx/issues/2507
https://github.com/jackc/pgx/issues/2507
https://securityinfinity.com/research/memory-safety-vulnera…
https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postg…