CVE-2025-4207 Affecting postgresql:15/postgresql-plperl package, versions <0:15.14-1.module_el8.10.0+4041+afd30bb4


Severity

Recommended
high

Based on AlmaLinux security rating.

Threat Intelligence

EPSS
0.61% (45th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALMALINUX8-POSTGRESQL-13156967
  • published30 Sept 2025
  • disclosed2 Sept 2025

Introduced: 2 Sep 2025

CVE-2025-4207  (opens in a new tab)

How to fix?

Upgrade AlmaLinux:8 postgresql:15/postgresql-plperl to version 0:15.14-1.module_el8.10.0+4041+afd30bb4 or higher.
This issue was patched in ALSA-2025:15022.

NVD Description

Note: Versions mentioned in the description apply only to the upstream postgresql:15/postgresql-plperl package and not the postgresql:15/postgresql-plperl package as distributed by AlmaLinux. See How to fix? for AlmaLinux:8 relevant fixed versions and status.

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

CVSS Base Scores

version 3.1