CVE-2021-32029
08.10.2021, 17:15
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.Enginsight
Vendor | Product | Version |
---|---|---|
postgresql | postgresql | 11.0 ≤ 𝑥 < 11.12 |
postgresql | postgresql | 12.0 ≤ 𝑥 < 12.7 |
postgresql | postgresql | 13.0 ≤ 𝑥 < 13.3 |
redhat | jboss_enterprise_application_platform | 7.0.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
postgresql-10 |
| ||||||||||||||||||||||||
postgresql-12 |
| ||||||||||||||||||||||||
postgresql-13 |
| ||||||||||||||||||||||||
postgresql-9.1 |
| ||||||||||||||||||||||||
postgresql-9.3 |
| ||||||||||||||||||||||||
postgresql-9.5 |
|
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
References