CVE-2019-10164
26.06.2019, 16:15
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 10.0 ≤ 𝑥 < 10.9 |
| postgresql | postgresql | 11.0 ≤ 𝑥 < 11.4 |
| redhat | enterprise_linux | 8.0 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| postgresql-10 |
| postgresql-11 |
| postgresql-9.1 |
| postgresql-9.3 |
| postgresql-9.5 |
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer Overflow: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds Write: The software writes data past the end, or before the beginning, of the intended buffer.