GHSA-7JWH-3VRQ-Q3M8
CVE Details
Visit the official vulnerability details page for GHSA-7JWH-3VRQ-Q3M8 to learn more.
Initial Publication
01/27/2025
Last Update
02/26/2025
Third Party Dependency
github.com/jackc/pgproto3/v2
NIST CVE Summary
pgproto3 SQL Injection via Protocol Message Size Overflow
CVE Severity
Our Official Summary
This vulnerability is a false positive. Although scanning tools report it on some of the components, further checks indicate that the vulnerable symbol/function, while present, is not being used.
Status
Ongoing
Affected Products & Versions
This CVE is non-impacting because the affected symbol and/or function is not used in the product.
Revision History
Date | Revision |
---|---|
02/26/2025 | Status changed from Open to Ongoing |
02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |