CVE-2019-10164

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
10.0 ≤
𝑥
< 10.9
postgresqlpostgresql
11.0 ≤
𝑥
< 11.4
redhatenterprise_linux
8.0
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
bionic
Fixed 10.9-0ubuntu0.18.04.1
released
cosmic
Fixed 10.9-0ubuntu0.18.10.1
released
disco
dne
trusty
dne
xenial
dne
postgresql-11
bionic
dne
cosmic
dne
disco
Fixed 11.4-0ubuntu0.19.04.1
released
trusty
dne
xenial
dne
postgresql-9.1
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
dne
postgresql-9.3
bionic
dne
cosmic
dne
disco
dne
trusty
not-affected
xenial
dne
postgresql-9.5
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libecpg6
suse enterprise sap 12 SP1
10.9-1.12.1
fixed
suse enterprise sap 12 SP2
10.9-1.12.1
fixed
suse enterprise sap 12 SP3
10.9-1.12.1
fixed
suse enterprise sap 12 SP4
10.9-1.12.1
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 12
10.9-1.12.1
fixed
suse enterprise server 12 SP1
10.9-1.12.1
fixed
suse enterprise server 12 SP2
10.9-1.12.1
fixed
suse enterprise server 12 SP3
10.9-1.12.1
fixed
suse enterprise server 12 SP4
10.9-1.12.1
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
libpq5
suse enterprise desktop 15
10.9-4.13.2
fixed
suse enterprise desktop 15 SP1
12.2-3.5.2
fixed
suse enterprise sap 12 SP1
10.9-1.12.1
fixed
suse enterprise sap 12 SP2
10.9-1.12.1
fixed
suse enterprise sap 12 SP3
10.9-1.12.1
fixed
suse enterprise sap 12 SP4
10.9-1.12.1
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 12
10.9-1.12.1
fixed
suse enterprise server 12 SP1
10.9-1.12.1
fixed
suse enterprise server 12 SP2
10.9-1.12.1
fixed
suse enterprise server 12 SP3
10.9-1.12.1
fixed
suse enterprise server 12 SP4
10.9-1.12.1
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
libpq5-32bit
suse enterprise sap 12 SP1
10.9-1.12.1
fixed
suse enterprise sap 12 SP2
10.9-1.12.1
fixed
suse enterprise sap 12 SP3
10.9-1.12.1
fixed
suse enterprise sap 12 SP4
10.9-1.12.1
fixed
suse enterprise server 12
10.9-1.12.1
fixed
suse enterprise server 12 SP1
10.9-1.12.1
fixed
suse enterprise server 12 SP2
10.9-1.12.1
fixed
suse enterprise server 12 SP3
10.9-1.12.1
fixed
suse enterprise server 12 SP4
10.9-1.12.1
fixed
postgresql-12
suse enterprise desktop 15 SP1
8.11.3
fixed
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-contrib-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-devel-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-docs-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-plperl-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-plpython-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-pltcl-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-server-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql-server-devel-12
suse enterprise sap 15 SP1
8.11.3
fixed
suse enterprise server 15 SP1
8.11.3
fixed
postgresql10
suse enterprise desktop 15
10.9-4.13.2
fixed
suse enterprise desktop 15 SP1
10.12-8.13.10
fixed
suse enterprise desktop 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-contrib
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-devel
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.9
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.9
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-docs
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
postgresql10-plperl
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-plpython
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-pltcl
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql10-server
suse enterprise sap 12 SP1
10.9-1.12.2
fixed
suse enterprise sap 12 SP2
10.9-1.12.2
fixed
suse enterprise sap 12 SP3
10.9-1.12.2
fixed
suse enterprise sap 12 SP4
10.9-1.12.2
fixed
suse enterprise sap 15
10.9-4.13.2
fixed
suse enterprise sap 15 SP1
10.12-8.13.10
fixed
suse enterprise sap 15 SP2
10.9-8.3.1
fixed
suse enterprise sap 15 SP3
10.9-8.3.1
fixed
suse enterprise server 12
10.9-1.12.2
fixed
suse enterprise server 12 SP1
10.9-1.12.2
fixed
suse enterprise server 12 SP2
10.9-1.12.2
fixed
suse enterprise server 12 SP3
10.9-1.12.2
fixed
suse enterprise server 12 SP4
10.9-1.12.2
fixed
suse enterprise server 15
10.9-4.13.2
fixed
suse enterprise server 15 SP1
10.12-8.13.10
fixed
suse enterprise server 15 SP2
10.9-8.3.1
fixed
suse enterprise server 15 SP3
10.9-8.3.1
fixed
postgresql12
suse enterprise desktop 15 SP1
12.2-3.5.2
fixed
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-contrib
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-devel
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-docs
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-plperl
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-plpython
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-pltcl
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-server
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
postgresql12-server-devel
suse enterprise sap 15 SP1
12.2-3.5.2
fixed
suse enterprise server 15 SP1
12.2-3.5.2
fixed
python3-psycopg2
suse enterprise desktop 15 SP1
2.8.4-5.4.6
fixed
suse enterprise desktop 15 SP2
2.8.4-5.4.6
fixed
suse enterprise sap 15 SP1
2.8.4-5.4.6
fixed
suse enterprise sap 15 SP2
2.8.4-5.4.6
fixed
suse enterprise server 15 SP1
2.8.4-5.4.6
fixed
suse enterprise server 15 SP2
2.8.4-5.4.6
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libpq
RHEL 8
0:12.1-3.el8
fixed
libpq-devel
RHEL 8
0:12.1-3.el8
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/
https://security.gentoo.org/glsa/202003-03
https://www.postgresql.org/about/news/1949/
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/
https://security.gentoo.org/glsa/202003-03
https://www.postgresql.org/about/news/1949/