Memory Disclosure Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2018-1052

6.5MEDIUM

What is CVE-2018-1052?

A memory disclosure vulnerability was discovered in PostgreSQL that affects versions 10.x prior to 10.2. This flaw allows authenticated attackers to exploit the system by inserting carefully crafted data into a partitioned table. As a result, they can reveal sensitive bytes from the server's memory, potentially exposing confidential information stored in the database. It is crucial for users of affected versions to upgrade to at least 10.2 to mitigate this security risk.

Affected Version(s)

postgresql 10.x before 10.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.