Vulnerability details: VCID-cek6-spzu-5qg4
Vulnerability ID VCID-cek6-spzu-5qg4
Aliases CVE-2024-32655
GHSA-x9vc-6hfv-hg8c
Summary Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
epss 0.02069 https://api.first.org/data/v1/epss?cve=CVE-2024-32655
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x9vc-6hfv-hg8c
cvssv3.1 8.1 https://github.com/npgsql/npgsql
generic_textual HIGH https://github.com/npgsql/npgsql
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
generic_textual HIGH https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
ssvc Track https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
generic_textual HIGH https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
ssvc Track https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
generic_textual HIGH https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
ssvc Track https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
generic_textual HIGH https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
ssvc Track https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
generic_textual HIGH https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
ssvc Track https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
generic_textual HIGH https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
ssvc Track https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
cvssv3.1 8.1 https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
generic_textual HIGH https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
ssvc Track https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
cvssv3.1 8.1 https://github.com/npgsql/npgsql/files/14309386/Npgsql.Security.Advisory.pdf
generic_textual HIGH https://github.com/npgsql/npgsql/files/14309386/Npgsql.Security.Advisory.pdf
cvssv3.1 8.1 https://github.com/npgsql/npgsql/files/14309397/npgsql-protocol-overflow-poc.zip
generic_textual HIGH https://github.com/npgsql/npgsql/files/14309397/npgsql-protocol-overflow-poc.zip
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v4.0.14
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v4.0.14
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v4.0.14
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v4.1.13
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v4.1.13
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v4.1.13
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v5.0.18
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v5.0.18
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v5.0.18
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v6.0.11
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v6.0.11
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v6.0.11
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v7.0.7
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v7.0.7
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v7.0.7
cvssv3.1 8.1 https://github.com/npgsql/npgsql/releases/tag/v8.0.3
generic_textual HIGH https://github.com/npgsql/npgsql/releases/tag/v8.0.3
ssvc Track https://github.com/npgsql/npgsql/releases/tag/v8.0.3
cvssv3.1 8.1 https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
cvssv3.1_qr HIGH https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
generic_textual HIGH https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
ssvc Track https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2024-32655
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-32655
cvssv3.1 8.1 https://www.youtube.com/watch?v=Tfg1B8u1yvE
generic_textual HIGH https://www.youtube.com/watch?v=Tfg1B8u1yvE
ssvc Track https://www.youtube.com/watch?v=Tfg1B8u1yvE
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-32655
https://github.com/npgsql/npgsql
https://github.com/npgsql/npgsql/files/14309386/Npgsql.Security.Advisory.pdf
https://github.com/npgsql/npgsql/files/14309397/npgsql-protocol-overflow-poc.zip
091655eed0c84e502ab424950c930339d17c1928 https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
3183efb2bdcca159c8c2e22af57e18ea8f853cf0 https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
67acbe027e28477ac2199e15cfb554bb2ffaf169 https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
703d9af8fa48dfe8c0180e36edb8278f34342d7b https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
a22a42d8141d7a3528f43c02c095a409507cf1af https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
CVE-2024-32655 https://nvd.nist.gov/vuln/detail/CVE-2024-32655
e34e2ba8042e666d9af54a1b255fba4d5b11df56 https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
f7e7ead0702d776a8f551f5786c4cac2d65c4bc6 https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
GHSA-x9vc-6hfv-hg8c https://github.com/advisories/GHSA-x9vc-6hfv-hg8c
GHSA-x9vc-6hfv-hg8c https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
v4.0.14 https://github.com/npgsql/npgsql/releases/tag/v4.0.14
v4.1.13 https://github.com/npgsql/npgsql/releases/tag/v4.1.13
v5.0.18 https://github.com/npgsql/npgsql/releases/tag/v5.0.18
v6.0.11 https://github.com/npgsql/npgsql/releases/tag/v6.0.11
v7.0.7 https://github.com/npgsql/npgsql/releases/tag/v7.0.7
v8.0.3 https://github.com/npgsql/npgsql/releases/tag/v8.0.3
watch?v=Tfg1B8u1yvE https://www.youtube.com/watch?v=Tfg1B8u1yvE
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/files/14309386/Npgsql.Security.Advisory.pdf
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/files/14309397/npgsql-protocol-overflow-poc.zip
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v4.0.14
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v4.0.14
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v4.1.13
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v4.1.13
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v5.0.18
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v5.0.18
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v6.0.11
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v6.0.11
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v7.0.7
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v7.0.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/releases/tag/v8.0.3
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/releases/tag/v8.0.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-32655
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.youtube.com/watch?v=Tfg1B8u1yvE
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-09T17:34:05Z/ Found at https://www.youtube.com/watch?v=Tfg1B8u1yvE
Exploit Prediction Scoring System (EPSS)
Percentile 0.84305
EPSS Score 0.02069
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:41:46.275000+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/32xxx/CVE-2024-32655.json 38.6.0