Vulnerability DatabaseCVE-2024-32655
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-32655
May 09, 2024
Npgsql is the .NET data provider for PostgreSQL. The "WriteBind()" method in "src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs" uses "int" variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3.
Affected Packages
Npgsql (NUGET):
Affected version(s) >=7.0.0 <7.0.7
Fix Suggestion:
Update to version 7.0.7
Npgsql (NUGET):
Affected version(s)
Fix Suggestion:
Update to version 4.0.14
Npgsql (NUGET):
Affected version(s) >=4.1.0 <4.1.13
Fix Suggestion:
Update to version 4.1.13
Npgsql (NUGET):
Affected version(s) >=5.0.0 <5.0.18
Fix Suggestion:
Update to version 5.0.18
Npgsql (NUGET):
Affected version(s) >=6.0.0 <6.0.11
Fix Suggestion:
Update to version 6.0.11
Npgsql (NUGET):
Affected version(s) >=8.0.0 <8.0.3
Fix Suggestion:
Update to version 8.0.3
Related Resources (19)
https://github.com/npgsql/npgsql/releases/tag/v4.1.13
https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
https://github.com/npgsql/npgsql/releases/tag/v4.0.14
https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
https://github.com/npgsql/npgsql/releases/tag/v5.0.18
https://github.com/npgsql/npgsql/releases/tag/v8.0.3
https://github.com/npgsql/npgsql/releases/tag/v7.0.7
https://github.com/npgsql/npgsql/releases/tag/v6.0.11
https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
https://github.com/npgsql/npgsql/files/14309386/Npgsql.Security.Advisory.pdf
https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
https://nvd.nist.gov/vuln/detail/CVE-2024-32655
https://www.youtube.com/watch?v=Tfg1B8u1yvE
https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
https://github.com/npgsql/npgsql
https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
https://github.com/npgsql/npgsql/files/14309397/npgsql-protocol-overflow-poc.zip
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Integer Overflow or Wraparound
CWE-190
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89
EPSS
Base Score:
1.59