CVE-2024-27304

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 6, 2024

CWE ID 190

CWE ID 89

Summary

CVE-2024-27304 is a vulnerability affecting the pgx PostgreSQL driver and toolkit for Go. An attacker can exploit SQL injection by causing a query or bind message size to exceed 4 GB, resulting in integer overflow and the message being split into multiple messages under the attacker's control. This issue can lead to unintended database queries or data access. The vulnerability is addressed in versions 4.18.2 and 5.5.4. As a temporary solution, administrators are advised to reject user input that can cause a single query or bind message to exceed a 4 GB size limit.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/unag3h
https://www.cve.org/CVERecord?id=CVE-2024-27304
https://nvd.nist.gov/vuln/detail/CVE-2024-27304

Back to Vulnerability Database

CVE-2024-27304

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations