{ "threat_severity" : "Moderate", "public_date" : "2026-02-12T13:00:06Z", "bugzilla" : { "description" : "postgresql: PostgreSQL oidvector discloses a few bytes of memory", "id" : "2439322", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2439322" }, "cvss3" : { "cvss3_base_score" : "4.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-1287", "details" : [ "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "A type validation flaw has been discovered in postgresql. Improper validation of the type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3887", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "postgresql16-0:16.13-1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4441", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "postgresql16-0:16.13-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-03-09T00:00:00Z", "advisory" : "RHSA-2026:4059", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "postgresql:15-8100020260227221316.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-03-09T00:00:00Z", "advisory" : "RHSA-2026:4063", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "postgresql:16-8100020260227221401.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4515", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "postgresql:15-8080020260306092921.63b34585" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3730", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "postgresql-0:13.23-2.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3896", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "postgresql:15-9070020260227094950.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-09T00:00:00Z", "advisory" : "RHSA-2026:4110", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "postgresql:16-9070020260227095951.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-03-11T00:00:00Z", "advisory" : "RHSA-2026:4254", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "postgresql:15-9020020260309133405.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4544", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "postgresql:16-9040020260306102041.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4548", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "postgresql:15-9040020260305163703.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4546", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "postgresql:15-9060020260309125703.rhel9" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4547", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "postgresql:16-9060020260305153549.rhel9" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-17T00:00:00Z", "advisory" : "RHSA-2026:8756", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "postgresql18-main-18.3-1.2.hum1" }, { "product_name" : "Red Hat Update Infrastructure 5", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4943", "cpe" : "cpe:/a:redhat:rhui:5::el9", "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "postgresql18", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Fix deferred", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "postgresql:12/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "postgresql:13/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "postgresql:18/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-2003\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2003\nhttps://www.postgresql.org/support/security/CVE-2026-2003/" ], "name" : "CVE-2026-2003", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }