CVE-2021-32029

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
11.0 ≤
𝑥
< 11.12
postgresqlpostgresql
12.0 ≤
𝑥
< 12.7
postgresqlpostgresql
13.0 ≤
𝑥
< 13.3
redhatjboss_enterprise_application_platform
7.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
postgresql-13
bullseye
13.16-0+deb11u1
fixed
bullseye (security)
13.16-0+deb11u1
fixed
stretch
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
bionic
not-affected
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
postgresql-12
bionic
dne
focal
Fixed 12.7-0ubuntu0.20.04.1
released
groovy
Fixed 12.7-0ubuntu0.20.10.1
released
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
postgresql-13
bionic
dne
focal
dne
groovy
dne
hirsute
Fixed 13.3-0ubuntu0.21.04.1
released
impish
not-affected
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
postgresql-9.1
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
postgresql-9.3
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
deferred
xenial
dne
postgresql-9.5
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libecpg6
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise sap 15 SP5
13.3-5.10.1
fixed
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 12 SP3
13.3-3.9.3
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP5
13.3-5.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
libpq5
suse enterprise desktop 15 SP2
13.3-5.10.1
fixed
suse enterprise desktop 15 SP3
13.3-5.10.1
fixed
suse enterprise desktop 15 SP4
13.3-5.10.1
fixed
suse enterprise desktop 15 SP5
13.3-5.10.1
fixed
suse enterprise desktop 15 SP6
16.2-150600.14.11
fixed
suse enterprise desktop 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise sap 15 SP5
13.3-5.10.1
fixed
suse enterprise sap 15 SP6
16.2-150600.14.11
fixed
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 12 SP3
13.3-3.9.3
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP5
13.3-5.10.1
fixed
suse enterprise server 15 SP6
16.2-150600.14.11
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
libpq5-32bit
suse enterprise desktop 15 SP2
13.3-5.10.1
fixed
suse enterprise desktop 15 SP6
16.2-150600.14.11
fixed
suse enterprise desktop 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP6
16.2-150600.14.11
fixed
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 12 SP3
13.3-3.9.3
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP6
16.2-150600.14.11
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql12
suse enterprise desktop 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-contrib
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-devel
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-docs
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-plperl
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-plpython
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-pltcl
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-server
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql12-server-devel
suse enterprise sap 15 SP2
12.7-8.20.1
fixed
suse enterprise sap 15 SP3
12.7-8.20.1
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.7-8.20.1
fixed
suse enterprise server 15 SP3
12.7-8.20.1
fixed
postgresql13
suse enterprise desktop 15 SP2
13.3-5.10.1
fixed
suse enterprise desktop 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-contrib
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-devel
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-docs
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-llvmjit
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-llvmjit-devel
suse enterprise sap 15 SP4
13.6-5.25.1
fixed
suse enterprise server 15 SP4
13.6-5.25.1
fixed
postgresql13-plperl
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-plpython
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-pltcl
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-server
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql13-server-devel
suse enterprise sap 15 SP2
13.3-5.10.1
fixed
suse enterprise sap 15 SP3
13.3-5.10.1
fixed
suse enterprise sap 15 SP4
13.3-5.10.1
fixed
suse enterprise server 15 SP2
13.3-5.10.1
fixed
suse enterprise server 15 SP3
13.3-5.10.1
fixed
suse enterprise server 15 SP4
13.3-5.10.1
fixed
postgresql14
suse enterprise desktop 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-contrib
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-devel
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-docs
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-llvmjit
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-llvmjit-devel
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-plperl
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-plpython
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-pltcl
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-server
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql14-server-devel
suse enterprise sap 15 SP4
14.2-5.9.2
fixed
suse enterprise sap 15 SP5
14.8-150200.5.26.1
fixed
suse enterprise server 15 SP4
14.2-5.9.2
fixed
suse enterprise server 15 SP5
14.8-150200.5.26.1
fixed
postgresql15
suse enterprise desktop 15 SP5
15.3-150200.5.9.1
fixed
suse enterprise sap 15 SP5
15.3-150200.5.9.1
fixed
suse enterprise sap 15 SP6
15.6-150600.14.4
fixed
suse enterprise sap 15 SP7
15.12-150600.16.14.1
fixed
suse enterprise server 15 SP5
15.3-150200.5.9.1
fixed
suse enterprise server 15 SP6
15.6-150600.14.4
fixed
suse enterprise server 15 SP7
15.12-150600.16.14.1
fixed
postgresql15-contrib
suse enterprise sap 15 SP6
15.6-150600.14.4
fixed
suse enterprise sap 15 SP7
15.12-150600.16.14.1
fixed
suse enterprise server 15 SP6
15.6-150600.14.4
fixed
suse enterprise server 15 SP7
15.12-150600.16.14.1
fixed
postgresql15-devel
suse enterprise sap 15 SP7
15.12-150600.16.14.1
fixed
suse enterprise server 15 SP7
15.12-150600.16.14.1
fixed
postgresql15-server
suse enterprise sap 15 SP6
15.6-150600.14.4
fixed
suse enterprise sap 15 SP7
15.12-150600.16.14.1
fixed
suse enterprise server 15 SP6
15.6-150600.14.4
fixed
suse enterprise server 15 SP7
15.12-150600.16.14.1
fixed
postgresql16
suse enterprise desktop 15 SP6
16.2-150600.14.11
fixed
suse enterprise sap 15 SP6
16.2-150600.14.11
fixed
suse enterprise sap 15 SP7
16.8-150600.16.15.1
fixed
suse enterprise server 15 SP6
16.2-150600.14.11
fixed
suse enterprise server 15 SP7
16.8-150600.16.15.1
fixed
postgresql16-contrib
suse enterprise sap 15 SP7
16.8-150600.16.15.1
fixed
suse enterprise server 15 SP7
16.8-150600.16.15.1
fixed
postgresql16-devel
suse enterprise sap 15 SP7
16.8-150600.16.15.1
fixed
suse enterprise server 15 SP7
16.8-150600.16.15.1
fixed
postgresql16-server
suse enterprise sap 15 SP7
16.8-150600.16.15.1
fixed
suse enterprise server 15 SP7
16.8-150600.16.15.1
fixed
postgresql17
suse enterprise desktop 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-contrib
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-devel
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-docs
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-plperl
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-plpython
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-pltcl
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-server
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
postgresql17-server-devel
suse enterprise sap 15 SP7
17.4-150600.13.10.1
fixed
suse enterprise server 15 SP7
17.4-150600.13.10.1
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1956883
https://security.netapp.com/advisory/ntap-20211112-0003/
https://www.postgresql.org/support/security/CVE-2021-32029/
https://bugzilla.redhat.com/show_bug.cgi?id=1956883
https://security.netapp.com/advisory/ntap-20211112-0003/
https://www.postgresql.org/support/security/CVE-2021-32029/