Detections
Analytics
Alpine: postgresql15: security update to 15.18-r0
high Tenable Cloud Security Plugin ID 442205
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(),
lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack
buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-
length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in
psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions
before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. (CVE-2026-6477)
- Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use
search_path to find user-defined types, including extension-defined types. That is to say, the victim will
execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14,
15.18, and 14.23 are affected. (CVE-2026-6472)
- Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause
the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the
operating system user running the database. In applications that pass gigabyte-scale user inputs to the
relevant database functions, the application input provider may achieve a segmentation fault. Versions
before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. (CVE-2026-6473)
- Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve
portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14,
15.18, and 14.23 are affected. (CVE-2026-6474)
- Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to
overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will
remain the case that starting the server after these commands implicitly trusts the origin superuser, due
to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes
relevant action between these commands and server start, like moving the files to a different VM or
snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
(CVE-2026-6475)
Solution
Update the postgresql15 library and its related packages to version 15.18-r0 or later.See Also
https://security.alpinelinux.org/vuln/CVE-2026-6472
https://security.alpinelinux.org/vuln/CVE-2026-6473
https://security.alpinelinux.org/vuln/CVE-2026-6474
https://security.alpinelinux.org/vuln/CVE-2026-6475
https://security.alpinelinux.org/vuln/CVE-2026-6477
https://security.alpinelinux.org/vuln/CVE-2026-6478
Plugin Details
Severity: High
ID: 442205
Version: Revision 1.2
Type: Local
Published: 5/20/2026
Updated: 5/20/2026
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-6477
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2026-6637
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 5/14/2026
Reference Information
CVE: CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637