Merge pull request #809 from EnterpriseDB/cve-2026-3172

CVE-2026-3172 assessment

Author: gvasquezvargas

advocacy_docs/security/assessments/cve-2026-3172.mdx

@@ -0,0 +1,76 @@
+---
+title: CVE-2026-3172 - pgvector buffer overflow in parallel HNSW index build
+navTitle: CVE-2026-3172
+affectedProducts: EDB Postgres Extended Server, EDB Postgres Advanced Server, EDB Cloud Service (formerly BigAnimal), Hybrid Manager (HM), EDB Postgres® AI for CloudNativePG™, WarehousePG, pgvector versions 0.6.0-0.8.1, aidb, pgpu
+---
+
+First Published: 2026/03/10
+
+Important: This assessment evaluates the impact of CVE-2026-3172 on EDB products and services. It links to and details the CVE and supplements that information with EDB's own assessment.
+
+## Summary
+
+A buffer overflow in the parallel HNSW (Hierarchical Navigable Small World) index build process in the `pgvector` extension allows an authenticated database user to issue crafted queries that achieve a buffer overrun.
+This can lead to the leaking of sensitive data from other relations or a crash of the database server. The vulnerability is specifically triggered during concurrent index construction when multiple worker processes are utilized.
+
+## Vulnerability details
+
+CVE-ID: [CVE-2026-3172](https://nvd.nist.gov/vuln/detail/CVE-2026-3172)
+
+CVE Publish Date: 2026-02-25
+
+CVSS Base Score: 8.1
+
+CVSS Temporal Score: Undefined
+
+CVSS Environmental Score: Undefined
+
+CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
+
+## Affected products and versions
+
+### EDB Cloud and Managed Services
+* EDB Postgres Extended Server
+* EDB Postgres Advanced Server
+* EDB Cloud Service (formerly BigAnimal)
+* Hybrid Manager (HM)
+* EDB Postgres® AI for CloudNativePG™ (All community and EDB Postgres® AI for CloudNativePG™ versions)
+* WarehousePG
+
+### Affected Extensions
+* pgvector: All versions from 0.6.0 through 0.8.1
+* aidb
+* pgpu
+
+## Remediation/fixes
+
+Remediation for this CVE requires updating the extension version within the database. Updating the underlying EDB product version alone may not apply the fix to existing databases.
+
+### pgvector Extension
+
+| Affected Version | Fixed In | Fix Published |
+|------------------|----------|---------------|
+| 0.6.0 to 0.8.1   | 0.8.2    | 2026-02-25    |
+
+### aidb Extension
+
+|   Affected Version    |          Fixed In             | Fix Published |
+|-----------------------|-------------------------------|---------------|
+| All prior to Feb 2026 | Updated with 0.8.2 dependency |  2026-02-25   |
+
+### pgpu Extension
+
+|    Affected Version   |          Fixed In             | Fix Published |
+|-----------------------|-------------------------------|---------------|
+| All prior to Feb 2026 | Updated with 0.8.2 dependency |   2026-02-25  |
+
+## References
+
+* [CVSS Calculator v3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
+* [NVD - CVE-2026-3172 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-3172)
+* [GitHub Advisory GHSA-789c-mgqf-5hwx](https://github.com/advisories/GHSA-789c-mgqf-5hwx)
+
+## Related information
+
+* [EnterpriseDB](https://www.enterprisedb.com/)
+* [EDB Docs - pgvector Extension](https://www.enterprisedb.com/docs/pg_extensions/pgvector/)

advocacy_docs/security/assessments/index.mdx

@@ -6,6 +6,7 @@ iconName: Security
 hideKBLink: true
 hideToC: false
 navigation:
+- cve-2026-3172
 - cve-2026-2007
 - cve-2026-2006
 - cve-2026-2005
@@ -39,6 +40,28 @@ The CVEs listed in this section are from PostgreSQL and other parties who have r
 <table class="table-bordered">
 
 
+<tr><td>
+<details><summary><h3 style="display:inline"> CVE-2026-3172 </h3>
+<span>
+&nbsp;&nbsp;<a href="cve-2026-3172">Read Assessment</a>
+&nbsp;&nbsp;Published: </span><span>2026/03/10</span>
+<h4>pgvector buffer overflow in parallel HNSW index build</h4>
+<h5> EDB Postgres Extended Server, EDB Postgres Advanced Server, EDB Cloud Service (formerly BigAnimal), Hybrid Manager (HM), EDB Postgres® AI for CloudNativePG™, WarehousePG, pgvector versions 0.6.0-0.8.1, aidb, pgpu</h5>
+</summary>
+<hr/>
+<em>Summary:</em>&nbsp;
+A buffer overflow in the parallel HNSW (Hierarchical Navigable Small World) index build process in the <code>pgvector</code> extension allows an authenticated database user to issue crafted queries that achieve a buffer overrun.
+This can lead to the leaking of sensitive data from other relations or a crash of the database server. The vulnerability is specifically triggered during concurrent index construction when multiple worker processes are utilized.
+<br/>
+<a href="cve-2026-3172">Read More...</a>
+</details></td></tr>
+
+
+
+
+
+
+
 <tr><td>
 <details><summary><h3 style="display:inline"> CVE-2026-2007 </h3>
 <span>

advocacy_docs/security/index.mdx

@@ -118,6 +118,24 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
 <table class="table-bordered">
 
 
+<tr><td>
+<details><summary><h3 style="display:inline"> CVE-2026-3172 </h3>
+<span>
+&nbsp;&nbsp;<a href="assessments/cve-2026-3172">Read Assessment</a>
+&nbsp;&nbsp;Published: </span><span>2026/03/10</span>
+
+<h4>pgvector buffer overflow in parallel HNSW index build</h4>
+<h5> EDB Postgres Extended Server, EDB Postgres Advanced Server, EDB Cloud Service (formerly BigAnimal), Hybrid Manager (HM), EDB Postgres® AI for CloudNativePG™, WarehousePG, pgvector versions 0.6.0-0.8.1, aidb, pgpu</h5>
+</summary>
+<hr/>
+<em>Summary:</em>&nbsp;
+A buffer overflow in the parallel HNSW (Hierarchical Navigable Small World) index build process in the <code>pgvector</code> extension allows an authenticated database user to issue crafted queries that achieve a buffer overrun.
+This can lead to the leaking of sensitive data from other relations or a crash of the database server. The vulnerability is specifically triggered during concurrent index construction when multiple worker processes are utilized.
+<br/>
+<a href="assessments/cve-2026-3172">Read More...</a>
+</details></td></tr>
+
+
 <tr><td>
 <details><summary><h3 style="display:inline"> CVE-2026-2007 </h3>
 <span>
@@ -185,20 +203,4 @@ Improper validation of input types in the PostgreSQL intarray extension allows a
 <a href="assessments/cve-2026-2004">Read More...</a>
 </details></td></tr>
 
-
-<tr><td>
-<details><summary><h3 style="display:inline"> CVE-2025-8715 </h3>
-<span>
-&nbsp;&nbsp;<a href="assessments/cve-2025-8715">Read Assessment</a>
-&nbsp;&nbsp;Updated: </span><span>2025/08/14</span>
-<h4>PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server</h4>
-<h5> All versions of Postgresql prior to 17.6, 16.10, 15.14, 14.19, 13.22 3.x, EDB Postgres Extended Server prior to 17.6.0, 16.10.0, 15.14.0, 14.19.0, 13.22, EDB Postgres Advanced Server prior to 17.6.0, 16.10.0, 15.14.0, 14.19.0, 13.22</h5>
-</summary>
-<hr/>
-<em>Summary:</em>&nbsp;
-Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected.
-<br/>
-<a href="assessments/cve-2025-8715">Read More...</a>
-</details></td></tr>
-
 </table>