CGA-gjg4-pv8h-r2jm

Published

Last updated

https://images.chainguard.dev/security/CGA-gjg4-pv8h-r2jm

Package

gitlab-cng-fips-17.0

Repository

Chainguard

Latest Update

Under investigation

Aliases

GHSA-7jwh-3vrq-q3m8

Severity

Unknown

Summary

pgproto3 SQL Injection via Protocol Message Size Overflow

Description

Impact

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.

Patches

The problem is resolved in v2.3.3

Workarounds

Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.

References

https://github.com/advisories/GHSA-7jwh-3vrq-q3m8
https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8
https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
https://nvd.nist.gov/vuln/detail/CVE-2024-27304
https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
https://github.com/jackc/pgproto3

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-gjg4-pv8h-r2jm

Severity

Summary

Description

Impact

Patches

Workarounds

References

Updates

Products

Why Chainguard

Customers

Company

Resources