CGA-9264-6frf-p9qv

Published

Last updated

https://images.chainguard.dev/security/CGA-9264-6frf-p9qv

Package

telegraf-1.27

Latest Update

Fixed

Fixed Version

1.27.4-r16

Aliases

GHSA-7jwh-3vrq-q3m8

Severity

9.8

Critical

CVSS V3

Summary

pgproto3 SQL Injection via Protocol Message Size Overflow

Description

Impact

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Patches

The problem is resolved in v2.3.3

Workarounds

Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

References

https://github.com/advisories/GHSA-7jwh-3vrq-q3m8
https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8
https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
https://nvd.nist.gov/vuln/detail/CVE-2024-27304
https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
https://github.com/jackc/pgproto3

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-9264-6frf-p9qv

Severity

Summary

Description

Impact

Patches

Workarounds

References

Updates

Product

Why Chainguard

Customers

Company

Resources