libpq (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package libpq, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2026-6473 — CVSS 8.8 (high): Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an…
CVE-2026-6477 — CVSS 8.8 (high): Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and…
CVE-2026-6475 — CVSS 8.8 (high): Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g…
CVE-2025-1094 — CVSS 8.1 (high): Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and…
CVE-2026-6478 — CVSS 6.5 (medium): Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials…
CVE-2025-12818 — CVSS 5.9 (medium): Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause…
CVE-2021-23222 — CVSS 5.9 (medium): A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification…
CVE-2022-41862 — CVSS 3.7 (low): In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport…