CVE-2025-12818 MEDIUM

CVE-2025-12818: PostgreSQL libpq undersizes allocations, via integer wraparound

Vendor N/A
Product PostgreSQL
Weakness CWE-190
Published November 13, 2025
Last update November 13, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Key dates

02Disclosure timeline

November 13, 2025 CVE published
November 13, 2025 Record updated