CVE-2021-32029
EUVD-2021-1889508.10.2021, 17:15
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 11.0 ≤ 𝑥 < 11.12 |
| postgresql | postgresql | 12.0 ≤ 𝑥 < 12.7 |
| postgresql | postgresql | 13.0 ≤ 𝑥 < 13.3 |
| redhat | jboss_enterprise_application_platform | 7.0.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-10 |
| ||||||||||||||||||||||||
| postgresql-12 |
| ||||||||||||||||||||||||
| postgresql-13 |
| ||||||||||||||||||||||||
| postgresql-9.1 |
| ||||||||||||||||||||||||
| postgresql-9.3 |
| ||||||||||||||||||||||||
| postgresql-9.5 |
|
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
References