CVE-2024-27304
CRITICAL 9.8
Description
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/6/2024
Last modified: 12/4/2025
Source: nvd
Honeypot observations: 0
Affected products
pgproto3_project:pgproto3
pgx_project:pgx
Weaknesses (CWE)
CWE-89, CWE-190
References
https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007 (security-advisories@github.com)
https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8 (security-advisories@github.com)
https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4 (security-advisories@github.com)
https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (security-advisories@github.com)
https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df (security-advisories@github.com)
https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv (security-advisories@github.com)
https://www.youtube.com/watch?v=Tfg1B8u1yvE (security-advisories@github.com)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.