CVE-2019-10209 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.2 LOW	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
redhat	CNA	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
postgresql	postgresql	11.0 ≤ 𝑥 < 11.5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

disco	dne
bionic	not-affected
xenial	dne
trusty	dne

postgresql-11

disco	Fixed 11.5-0ubuntu0.19.04.1 released
bionic	dne
xenial	dne
trusty	dne

postgresql-9.1

disco	dne
bionic	dne
xenial	dne
trusty	dne

postgresql-9.3

disco	dne
bionic	dne
xenial	dne
trusty	not-affected

postgresql-9.5

disco	dne
bionic	dne
xenial	not-affected
trusty	dne

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209

https://www.postgresql.org/about/news/1960/

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209

https://www.postgresql.org/about/news/1960/