PostgreSQL Memory Disclosure Vulnerability by PostgreSQL
CVE-2021-32028
6.5MEDIUM
What is CVE-2021-32028?
A security flaw exists in PostgreSQL that allows an authenticated database user to exploit a crafted table using the INSERT ... ON CONFLICT ... DO UPDATE command, potentially leading to the exposure of arbitrary bytes from the server's memory. This weakness raises significant concerns regarding data confidentiality, making sensitive information vulnerable to unauthorized access.
Affected Version(s)
postgresql postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22