Negative DataRow Length in pgproto3 Leading to DoS
CVE-2026-4427 Published on March 19, 2026

Github.com/jackc/pgproto3: pgproto3: denial of service via negative field length in datarow message
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

NVD

Vulnerability Analysis

CVE-2026-4427 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an out-of-bounds array index Vulnerability?

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVE-2026-4427 has been classified to as an out-of-bounds array index vulnerability or weakness.


Products Associated with CVE-2026-4427

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Assisted Installer
 
Red Hat Multicluster Engine
 
Red Hat Multicluster Globalhub
 
Red Hat Acm
 
Red Hat Advanced Cluster Security
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift Ai
 
Red Hat Openshift Cluster Manager Cli
 
Red Hat Openshift
 
Red Hat Openshift Service On Aws
 
Red Hat Quay
 
Red Hat Trusted Artifact Signer
 

Affected Versions

Assisted Installer for Red Hat OpenShift Container Platform 2: Assisted Installer for Red Hat OpenShift Container Platform 2: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Engine for Kubernetes: Red Hat Multicluster Global Hub: Red Hat Multicluster Global Hub: Red Hat Multicluster Global Hub: Red Hat Multicluster Global Hub: Red Hat Multicluster Global Hub: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat Advanced Cluster Security 4: Red Hat Advanced Cluster Security 4: Red Hat Advanced Cluster Security 4: Red Hat Advanced Cluster Security 4: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift AI (RHOAI): Red Hat OpenShift Cluster Manager CLI: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift Container Platform 4: Red Hat OpenShift on AWS: Red Hat Quay 3: Red Hat Quay 3: Red Hat Quay 3: Red Hat Quay 3: Red Hat Quay 3: Red Hat Quay 3: Red Hat Trusted Artifact Signer: Red Hat Trusted Artifact Signer: Red Hat Trusted Artifact Signer: Red Hat Trusted Artifact Signer: Red Hat Trusted Artifact Signer: