PostgreSQL Memory Disclosure Vulnerability by PostgreSQL
CVE-2021-32028

6.5MEDIUM

Key Information:

Vendor: Postgresql
Status: Postgresql
Vendor: CVE Published:; 11 October 2021

Summary

A security flaw exists in PostgreSQL that allows an authenticated database user to exploit a crafted table using the INSERT ... ON CONFLICT ... DO UPDATE command, potentially leading to the exposure of arbitrary bytes from the server's memory. This weakness raises significant concerns regarding data confidentiality, making sensitive information vulnerable to unauthorized access.

Affected Version(s)

postgresql postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956877

https://www.postgresql.org/support/security/CVE-2021-32028

https://security.netapp.com/advisory/ntap-20211112-0003/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
May 4, 2021