Vulnerabilities > CVE-2022-25852 - Incorrect Type Conversion or Cast vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pg-native-project

libpq-project

CWE-704

NVD

Published: 2022-06-17

Updated: 2023-10-11

Summary

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.

Vulnerable Configurations

Part	Description	Count
Application	Pg-Native_Project PG Native Project PG Native *	1
Application	Libpq_Project Libpq Project Libpq *	1

Common Weakness Enumeration (CWE)

CWE-704 - Incorrect Type Conversion or Cast

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References