CVE-2019-10129 — Out-of-bounds Read in Postgresql

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Project Postgresql

Timeline

PublishedJul 30

Latest updateMay 24

Description

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDpostgresql/postgresql11.0 — 11.3

▶Alpinepostgresql/postgresql< 11.3-r0+8

▶CVEListV5postgresql_project/postgresql11.x prior to 11.3

🔴Vulnerability Details

GHSA

GHSA-8f7w-x9j5-q7c8: A vulnerability was found in postgresql versions 11↗2022-05-24

▶

CVEList

CVE-2019-10129: A vulnerability was found in postgresql versions 11↗2019-07-30

▶

OSV

CVE-2019-10129: A vulnerability was found in postgresql versions 11↗2019-07-30

▶

OSV

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities↗2019-05-13

▶

📋Vendor Advisories

Ubuntu

PostgreSQL vulnerabilities↗2019-05-13

▶

Red Hat

postgresql: Memory disclosure in partition routing↗2019-05-09

▶

💬Community

Bugzilla

CVE-2019-10129 postgresql: Memory disclosure in partition routing [fedora-all]↗2019-05-13

▶

Bugzilla

CVE-2019-10129 postgresql: Memory disclosure in partition routing↗2019-05-06

▶