You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
postgresql protocol
About this tag
The postgresql protocol tag covers security vulnerabilities and technical issues related to the PostgreSQL wire protocol. A recent thread discusses CVE-2024-27304, a critical vulnerability in the Go pgx driver where a 32-bit arithmetic bug in protocol message size handling could allow SQL injection if a single query or bind message exceeds 4 GB. This tag is relevant for developers and database administrators working with PostgreSQL drivers, protocol-level security, and Go applications. Topics include protocol message fragmentation, size calculation bugs, and mitigation strategies for PostgreSQL protocol implementations.
A subtle arithmetic bug in a widely used Go PostgreSQL driver—pgx—turned into a critical SQL‑injection risk: if an attacker can force a single query or bind message to exceed 4 GB, a 32‑bit size calculation can wrap and let the attacker fragment and inject protocol messages, enabling arbitrary...