Negative Field Length Panic in pgproto3/v2 DataRow.Decode
A vacuous bounds check in github.com/jackc/pgproto3 v2.3.3 allows a malicious PostgreSQL server to crash any connected Go client process with a single malformed DataRow message.
postgresql
1 posts