Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Tags: 3scale/pgx

Tags

v5.7.2-cve.1

Toggle v5.7.2-cve.1's commit message
Add fuzz tests for pgproto3 Decode methods and fix discovered panics

Add 23 fuzz targets covering all complex Decode methods plus
Frontend.Receive and Backend.Receive. Fuzzing uncovered 5 additional
bugs:

- FunctionCall.Decode: no bounds checks before reading fixed fields,
  panics on short input
- Query.Decode: empty input causes slice bounds panic (src[:-1])
- CopyFail.Decode: same empty input panic as Query
- SASLInitialResponse.Decode: skips 4 bytes without checking they exist
- NegotiateProtocolVersion.Decode: untrusted uint32 optionCount used as
  slice capacity, enabling OOM via malicious message

Co-Authored-By: Claude Opus 4.6 <[email protected]>

v5.9.2

Toggle v5.9.2's commit message
Release v5.9.2

v5.9.1

Toggle v5.9.1's commit message
Release v5.9.1

v5.9.0

Toggle v5.9.0's commit message
Release v5.9.0

v5.8.0

Toggle v5.8.0's commit message
Release v5.8.0

v5.7.6

Toggle v5.7.6's commit message
Release v5.7.6

v5.7.5

Toggle v5.7.5's commit message
Release v5.7.5

v5.7.4

Toggle v5.7.4's commit message
Add v5.7.4 to changelog

v5.7.3

Toggle v5.7.3's commit message
Update changelog for v5.7.3

v5.7.2

Toggle v5.7.2's commit message
Create changelog for v5.7.2