CVE-2022-41862 - AskarLabs CVE Database

CVE-2022-41862

Vendor N/A

Product postgresql

Weakness CWE-200 · Info exposure

Published March 3, 2023

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Key dates

02Disclosure timeline

March 3, 2023 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41862 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-20396 CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor CVE-2025-55265 HCL Aftermarket DPC is affected by File Discovery CVE-2023-22876 IBM Sterling B2B Integrator information disclosure CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure