CVE-2022-25852
Last modified
CVE-2022-25852 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libpq Project | Libpq | All versions |
| Pg-Native Project | Pg-Native | All versions |
References
- https://snyk.io/vuln/SNYK-JS-LIBPQ-2392366Exploit, Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-PGNATIVE-2392365Exploit, Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-LIBPQ-2392366Exploit, Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-PGNATIVE-2392365Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-25852?
How severe is CVE-2022-25852?
How do I fix CVE-2022-25852?
Are you affected by CVE-2022-25852?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST