CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
11.0 ≤
𝑥
< 11.13
postgresqlpostgresql
12.0 ≤
𝑥
< 12.8
postgresqlpostgresql
13.0 ≤
𝑥
< 13.4
redhatvirtualization
4.0
redhatenterprise_linux
8.0
redhatenterprise_linux_for_ibm_z_systems
8.0
redhatenterprise_linux_for_power_little_endian
8.0
redhatsoftware_collections
1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
postgresql-13
bullseye
13.16-0+deb11u1
fixed
bullseye (security)
13.16-0+deb11u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
bionic
not-affected
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
postgresql-12
bionic
dne
focal
Fixed 12.8-0ubuntu0.20.04.1
released
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
postgresql-13
bionic
dne
focal
dne
hirsute
Fixed 13.4-0ubuntu0.21.04.1
released
impish
Fixed 13.4-1
released
jammy
dne
trusty
dne
xenial
dne
postgresql-9.1
bionic
dne
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
postgresql-9.3
bionic
dne
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
not-affected
xenial
dne
postgresql-9.5
bionic
dne
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libecpg6
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 12 SP3
13.4-3.12.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
libpq5
suse enterprise desktop 15 SP2
13.4-5.16.2
fixed
suse enterprise desktop 15 SP3
13.4-5.16.2
fixed
suse enterprise desktop 15 SP4
13.4-5.16.2
fixed
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 12 SP3
13.4-3.12.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
libpq5-32bit
suse enterprise desktop 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise server 12 SP3
13.4-3.12.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
postgresql12
suse enterprise desktop 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-contrib
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-devel
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-docs
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-plperl
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-plpython
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-pltcl
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-server
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql12-server-devel
suse enterprise sap 15 SP2
12.8-8.23.2
fixed
suse enterprise sap 15 SP3
12.8-8.23.2
fixed
suse enterprise server 15 SP1
12.12-150100.3.33.1
fixed
suse enterprise server 15 SP2
12.8-8.23.2
fixed
suse enterprise server 15 SP3
12.8-8.23.2
fixed
postgresql13
suse enterprise desktop 15 SP2
13.4-5.16.2
fixed
suse enterprise desktop 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-contrib
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-devel
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-docs
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-llvmjit
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-llvmjit-devel
suse enterprise sap 15 SP4
13.6-5.25.1
fixed
suse enterprise server 15 SP4
13.6-5.25.1
fixed
postgresql13-plperl
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-plpython
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-pltcl
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-server
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
postgresql13-server-devel
suse enterprise sap 15 SP2
13.4-5.16.2
fixed
suse enterprise sap 15 SP3
13.4-5.16.2
fixed
suse enterprise sap 15 SP4
13.4-5.16.2
fixed
suse enterprise server 15 SP2
13.4-5.16.2
fixed
suse enterprise server 15 SP3
13.4-5.16.2
fixed
suse enterprise server 15 SP4
13.4-5.16.2
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2001857
https://security.gentoo.org/glsa/202211-04
https://security.netapp.com/advisory/ntap-20220407-0008/
https://www.postgresql.org/support/security/CVE-2021-3677/
https://bugzilla.redhat.com/show_bug.cgi?id=2001857
https://security.gentoo.org/glsa/202211-04
https://security.netapp.com/advisory/ntap-20220407-0008/
https://www.postgresql.org/support/security/CVE-2021-3677/