PostgreSQL versions 10.x prior to 10.9 and versions 11.x prior to 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Vulnerable Product |
---|
postgresql postgresql |
redhat enterprise linux 8.0 |
fedoraproject fedora 29 |
fedoraproject fedora 30 |
opensuse leap 15.0 |
opensuse leap 15.1 |
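
An added example, not part of the original advisory: a Python check that flags inventory entries whose reported PostgreSQL version falls in the ranges stated above (10.x before 10.9, 11.x before 11.4). The host names and version values are constructed sample data, and the result reflects upstream version numbers only, so distribution packages should be confirmed against the vendor's advisory.

```python
import re

# Fixed minor release per major line, taken from the advisory text above:
# 10.x is affected before 10.9, 11.x before 11.4.
FIXED_MINOR = {10: 9, 11: 4}

def parse_version(value):
    """Return (major, minor) from server_version_num, server_version or
    version() output, or None when no release number can be read."""
    text = str(value).strip()
    if re.fullmatch(r"\d{5,6}", text):
        # server_version_num; PostgreSQL 10+ uses major * 10000 + minor.
        return int(text) // 10000, int(text) % 10000
    m = re.match(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)", text)
    if not m:
        return None  # e.g. beta builds such as "12beta1"
    return int(m.group(1)), int(m.group(2))

def classify(value):
    parsed = parse_version(value)
    if parsed is None:
        return "unknown"
    major, minor = parsed
    fixed = FIXED_MINOR.get(major)
    # Compare numerically: as strings, "10.10" would sort before "10.9".
    if fixed is not None and minor < fixed:
        return "affected"
    return "outside-stated-ranges"

# Constructed sample inventory (hypothetical hosts and values).
INVENTORY = {
    "db-a": "10.8 (Ubuntu 10.8-1.pgdg18.04+1)",
    "db-b": 110004,
    "db-c": "PostgreSQL 11.3 on x86_64-pc-linux-gnu",
    "db-d": "10.10",
    "db-e": "9.6.13",
    "db-f": "12beta1",
}

def affected_hosts(inventory):
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host}\t{ver}\t{classify(ver)}")
```

Entries reported as `unknown` need a manual look rather than being treated as clear.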