CVE-2022-25852
HIGHlibpq and pg-native - Denial of Service via Incorrect Type Conversion
Title source: llmDescription
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-PGNATIVE-2392365
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-LIBPQ-2392366
Scores
CVSS v3
7.5
EPSS
0.0124
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-704
Status
published
Products (4)
libpq_project/libpq
npm/libpq
0 - 1.8.10npm
npm/pg-native
0 - 3.0.1npm
pg-native_project/pg-native
Published
Jun 17, 2022
Tracked Since
Feb 18, 2026