View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2026-2005: 5 source package rows (postgresql, postgresql15, postgresql16, postgresql17, postgresql18); 12 state rows across 7 repos (3.20-main, 3.21-main, 3.22-main, 3.23-community, 3.23-main, edge-community, edge-main); fixed 11, open 1.
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.