CVE-2022-25852

HIGH Year: 2022
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-704
View all →

Vulnerability Description

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.

Related Vulnerabilities

CVE-2015-5219

HIGH
CVSS:7.5(High)

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infini...

CWE-7042015

CVE-2017-13888

HIGH
CVSS:7.5(High)

In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

CWE-7042017

CVE-2018-12453

HIGH
CVSS:7.5(High)

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream...

CWE-7042018

CVE-2018-5817

HIGH
CVSS:7.5(High)

A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

CWE-7042018

CVE-2018-8076

HIGH
CVSS:7.5(High)

ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API fo...

CWE-7042018

CVE-2020-10735

HIGH
CVSS:7.5(High)

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for ...

CWE-7042020