Study how a memory leak can defeat ASLR in a real PostgreSQL exploit chain
Test whether a specific PostgreSQL build is vulnerable to the pgcrypto heap overflow
Learn how COPY FROM PROGRAM can be abused after gaining superuser privileges
Use as a reference for writing a patch or detection rule for this vulnerability
| var77/cve-2026-2005 | adya84/ha-world-cup-2026 | afk-surf/safeclipper | |
|---|---|---|---|
| Stars | 16 | 16 | 16 |
| Language | Python | Python | Python |
| Setup difficulty | hard | easy | moderate |
| Complexity | 5/5 | 2/5 | 3/5 |
| Audience | researcher | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a specific compiled PostgreSQL build matching an exact commit hash for correct memory offsets.
CVE-2026-2005 is a proof-of-concept (PoC) exploit written in Python that demonstrates a security vulnerability in PostgreSQL's pgcrypto extension, a built-in plugin that handles encryption operations inside the database. Specifically, the flaw is a heap-based buffer overflow, meaning that specially crafted data can overwrite memory beyond its intended boundary, in the code that parses PGP session keys. The exploit proceeds through seven stages. It first tricks PostgreSQL into leaking a memory address by corrupting an internal buffer and triggering an error message that includes a pointer value. Using that leaked address, it reads arbitrary data from the database process's memory to locate the base address of the running PostgreSQL binary, a step needed to defeat address randomization (ASLR), a standard security defence. It then performs an arbitrary memory write to overwrite the internal variable that tracks the current user's identity, replacing it with the ID of the database superuser (ID 10). Once running as superuser, it uses PostgreSQL's built-in COPY FROM PROGRAM feature to execute a chosen operating system command. This is a security research tool intended for educational use and testing on systems the user owns or has explicit permission to test. It requires a specific compiled version of PostgreSQL (a particular commit hash) because the exploit depends on exact memory offsets from that build. It uses Python 3.10 or later along with several support libraries.
A proof-of-concept Python exploit for a heap buffer overflow in PostgreSQL's pgcrypto extension, used for authorized security research.
Mainly Python. The stack also includes Python, PostgreSQL.
License not stated in the available information, intended for authorized security research only.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.