CVE-2018-18482: libpg_query memory leak

May 13, 2022 (updated November 22, 2024)

An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.

References

github.com/advisories/GHSA-vm3q-58wm-2r2x
github.com/lelit/pglast
github.com/lfittl/libpg_query/issues/49
github.com/pypa/advisory-database/tree/main/vulns/pg-query/PYSEC-2018-154.yaml
nvd.nist.gov/vuln/detail/CVE-2018-18482

Detect and mitigate CVE-2018-18482 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →