Published: 26/06/2019 Updated: 07/11/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

PostgreSQL versions 10.x prior to 10.9 and versions 11.x prior to 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql
redhat enterprise linux 8.0
fedoraproject fedora 29
fedoraproject fedora 30
opensuse leap 15.0
opensuse leap 15.1

PostgreSQL could be made to crash or run programs if it received specially crafted network traffic ...

Synopsis Important: postgresql:10 security update Type/Severity Security Advisory: Important Topic An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Commo ...

Synopsis Moderate: postgresql:10 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Synopsis Important: postgresql:10 security update Type/Severity Security Advisory: Important Topic An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Importan ...

Synopsis Moderate: rh-postgresql10-postgresql security update Type/Severity Security Advisory: Moderate Topic An update for rh-postgresql10-postgresql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabil ...

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account ...

An investigation into PostgreSQL for fictional organisation

software-sec-report An investigation into PostgreSQL for a fictitious organisation Completed for an assessment in CMP417 Within their organisation, their modifications to their database version allowed a security fault to be introduced into the software, specifically CWE-787 which is an out-of-bounds write This would cause the vulnerability CVE-2019-10164, which could be dev

CWE-787 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164 https://www.postgresql.org/about/news/1949/http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html https://security.gentoo.org/glsa/202003-03 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/https://usn.ubuntu.com/4027-1/https://nvd.nist.gov https://www.postgresql.org/support/security/CVE-2019-10164/

CVE-2019-10164

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect