Vulnerability Report: GO-2024-2606
- CVE-2024-27304, GHSA-mrww-27vc-gghv, and 1 more
- Affects: github.com/jackc/pgproto3/v2, github.com/jackc/pgx/v4, and 1 more
- Published: Mar 14, 2024
An integer overflow in the calculated message size of a query or bind message could allow a single large message to be sent as multiple messages under the attacker's control. This could lead to SQL injection if an attacker can cause a single query or bind message to exceed 4 GB in size.
For detailed information about this vulnerability, visit https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv.
Affected Packages
-
PathVersionsSymbols
-
before v2.3.3
51 affected symbols
- AuthenticationCleartextPassword.Encode
- AuthenticationGSS.Encode
- AuthenticationGSSContinue.Encode
- AuthenticationMD5Password.Encode
- AuthenticationOk.Encode
- AuthenticationSASL.Encode
- AuthenticationSASLContinue.Encode
- AuthenticationSASLFinal.Encode
- Backend.Send
- BackendKeyData.Encode
- Bind.Encode
- BindComplete.Encode
- CancelRequest.Encode
- Close.Encode
- CloseComplete.Encode
- CommandComplete.Encode
- CopyBothResponse.Encode
- CopyData.Encode
- CopyDone.Encode
- CopyFail.Encode
- CopyInResponse.Encode
- CopyOutResponse.Encode
- DataRow.Encode
- Describe.Encode
- EmptyQueryResponse.Encode
- ErrorResponse.Encode
- Execute.Encode
- Flush.Encode
- Frontend.Send
- FunctionCall.Encode
- FunctionCallResponse.Encode
- GSSEncRequest.Encode
- GSSResponse.Encode
- NoData.Encode
- NoticeResponse.Encode
- NotificationResponse.Encode
- ParameterDescription.Encode
- ParameterStatus.Encode
- Parse.Encode
- ParseComplete.Encode
- PasswordMessage.Encode
- PortalSuspended.Encode
- Query.Encode
- ReadyForQuery.Encode
- RowDescription.Encode
- SASLInitialResponse.Encode
- SASLResponse.Encode
- SSLRequest.Encode
- StartupMessage.Encode
- Sync.Encode
- Terminate.Encode
-
before v2.3.3
-
before v4.18.2
-
from v5.0.0 before v5.5.4
-
from v5.0.0 before v5.5.4
61 affected symbols
- AuthenticationCleartextPassword.Encode
- AuthenticationGSS.Encode
- AuthenticationGSSContinue.Encode
- AuthenticationMD5Password.Encode
- AuthenticationOk.Encode
- AuthenticationSASL.Encode
- AuthenticationSASLContinue.Encode
- AuthenticationSASLFinal.Encode
- Backend.Flush
- Backend.Send
- BackendKeyData.Encode
- Bind.Encode
- BindComplete.Encode
- CancelRequest.Encode
- Close.Encode
- CloseComplete.Encode
- CommandComplete.Encode
- CopyBothResponse.Encode
- CopyData.Encode
- CopyDone.Encode
- CopyFail.Encode
- CopyInResponse.Encode
- CopyOutResponse.Encode
- DataRow.Encode
- Describe.Encode
- EmptyQueryResponse.Encode
- ErrorResponse.Encode
- Execute.Encode
- Flush.Encode
- Frontend.Flush
- Frontend.Send
- Frontend.SendBind
- Frontend.SendClose
- Frontend.SendDescribe
- Frontend.SendExecute
- Frontend.SendParse
- Frontend.SendQuery
- Frontend.SendSync
- Frontend.SendUnbufferedEncodedCopyData
- FunctionCall.Encode
- FunctionCallResponse.Encode
- GSSEncRequest.Encode
- GSSResponse.Encode
- NoData.Encode
- NoticeResponse.Encode
- NotificationResponse.Encode
- ParameterDescription.Encode
- ParameterStatus.Encode
- Parse.Encode
- ParseComplete.Encode
- PasswordMessage.Encode
- PortalSuspended.Encode
- Query.Encode
- ReadyForQuery.Encode
- RowDescription.Encode
- SASLInitialResponse.Encode
- SASLResponse.Encode
- SSLRequest.Encode
- StartupMessage.Encode
- Sync.Encode
- Terminate.Encode
-
from v5.0.0 before v5.5.4
38 affected symbols
- Batch.ExecParams
- Batch.ExecPrepared
- Connect
- ConnectConfig
- ConnectWithOptions
- MultiResultReader.Close
- MultiResultReader.NextResult
- MultiResultReader.ReadAll
- PgConn.CheckConn
- PgConn.Close
- PgConn.CopyFrom
- PgConn.CopyTo
- PgConn.Deallocate
- PgConn.Exec
- PgConn.ExecBatch
- PgConn.ExecParams
- PgConn.ExecPrepared
- PgConn.Ping
- PgConn.Prepare
- PgConn.ReceiveMessage
- PgConn.SyncConn
- PgConn.WaitForNotification
- Pipeline.Close
- Pipeline.Flush
- Pipeline.GetResults
- Pipeline.SendDeallocate
- Pipeline.SendPrepare
- Pipeline.SendQueryParams
- Pipeline.SendQueryPrepared
- Pipeline.Sync
- ResultReader.Close
- ResultReader.NextRow
- ResultReader.Read
- ValidateConnectTargetSessionAttrsPreferStandby
- ValidateConnectTargetSessionAttrsPrimary
- ValidateConnectTargetSessionAttrsReadOnly
- ValidateConnectTargetSessionAttrsReadWrite
- ValidateConnectTargetSessionAttrsStandby
-
from v5.0.0 before v5.5.4
Aliases
References
- https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
- https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
- https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4
- https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
- https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
- https://vuln.go.dev/ID/GO-2024-2606.json
Credits
- paul-gerste-sonarsource
Feedback
See anything missing or incorrect?
Suggest an edit to this report.