asyncpg prior to 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magic asyncpg |
||
debian debian linux 9.0 |