Skip to main content

Opengauss Server 7 0 0 Rc3

1 CVEs product

Monthly

CVE-2026-14178 MEDIUM This Month

Heap-use-after-free in openGauss 7.0.0-RC1 and RC2 allows a database user with SQL execution privileges to crash the backend process by crafting a to_timestamp() call with NLS parameters that triggers the seqscan+sort execution path. The nls_fmt_str pointer is stored in session context but allocated within SeqScan's expression memory context, which is freed upon scan completion; subsequent access by timestamp_out() via CheckNlsFormat() dereferences the dangling pointer. The practical impact is denial of service through backend process termination. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Memory Corruption Use After Free Information Disclosure Opengauss Server 7 0 0 Rc2 Opengauss Server 7 0 0 Rc1 +1
NVD VulDB
CVSS 3.1
5.9
EPSS
0.4%
EPSS 0% CVSS 5.9
MEDIUM This Month

Heap-use-after-free in openGauss 7.0.0-RC1 and RC2 allows a database user with SQL execution privileges to crash the backend process by crafting a to_timestamp() call with NLS parameters that triggers the seqscan+sort execution path. The nls_fmt_str pointer is stored in session context but allocated within SeqScan's expression memory context, which is freed upon scan completion; subsequent access by timestamp_out() via CheckNlsFormat() dereferences the dangling pointer. The practical impact is denial of service through backend process termination. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Memory Corruption Use After Free Information Disclosure +3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy