Published: 08/10/2021 Updated: 05/08/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-32027) A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-32028) A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-32029) An information leak exists in postgresql in versions prior to 13.2, prior to 12.6 and prior to 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. (CVE-2021-3393)

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql
redhat jboss enterprise application platform 7.0.0

Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content For the stable distribution (buster), these problems have been fixed in version 1112-0+deb10u1 We recommend that you upgrade your postgresql-11 packages For the detailed security ...

A flaw was found in postgresql While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-32027) A flaw was found in postgresql U ...

No description is available for this CVE ...

A security issue was found in PostgreSQL before version 133 Using an UPDATE RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will A user lacking the CREATE and TEMPO ...

Using an UPDATE RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on a ...

CWE-125 https://www.postgresql.org/support/security/CVE-2021-32029/https://bugzilla.redhat.com/show_bug.cgi?id=1956883 https://security.netapp.com/advisory/ntap-20211112-0003/https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4915 https://www.postgresql.org/support/security/CVE-2021-32029/https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL12-2023-004.html

CVE-2021-32029

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect