CVE-2019-10164Stack-based Buffer Overflow in Postgresql

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write9 documents6 sources
Severity
8.8HIGHNVD
EPSS
13.4%
top 5.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PostgresqlFedoraproject FedoraOpensuse Leap+1 more
Timeline
PublishedJun 26
Latest updateMay 24

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDpostgresql/postgresql10.010.9+1
Alpinepostgresql/postgresql< 11.4-r0+7
CVEListV5postgresql/postgresql10.9, 11.4+1
NVDopensuse/leap15.0, 15.1+1

Also affects: Fedora 29, 30, Enterprise Linux 8.0

🔴Vulnerability Details

2
GHSA
GHSA-gr34-mv2c-wc84: PostgreSQL versions 102022-05-24
OSV
CVE-2019-10164: PostgreSQL versions 102019-06-26

📋Vendor Advisories

2
Red Hat
postgresql: Stack-based buffer overflow via setting a password2019-06-20
Ubuntu
PostgreSQL vulnerability2019-06-20

💬Community

4
Bugzilla
CVE-2019-10164 mingw-postgresql: PostgreSQL: stack-based buffer overflow via setting a password [fedora-all]2019-06-24
Bugzilla
CVE-2019-10164 mingw-postgresql: PostgreSQL: stack-based buffer overflow via setting a password [epel-7]2019-06-24
Bugzilla
CVE-2019-10164 postgresql: stack-based buffer overflow via setting a password [fedora-all]2019-06-24
Bugzilla
CVE-2019-10164 postgresql: Stack-based buffer overflow via setting a password2019-06-12