CVE-2020-21469 — Classic Buffer Overflow in Postgresql

CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 92.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Debian Postgresql-13

Timeline

PublishedAug 22

Description

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/postgresql-13

▶NVDpostgresql/postgresql12.2

🔴Vulnerability Details

GHSA

GHSA-w8hm-59h4-7ff2: An issue was discovered in PostgreSQL 12↗2023-08-22

▶

OSV

CVE-2020-21469: An issue was discovered in PostgreSQL 12↗2023-08-22

▶

📋Vendor Advisories

Red Hat

postgresql: Stack buffer overflow when continuously send SIGHUP↗2023-08-22

▶

Debian

CVE-2020-21469: postgresql-13 - An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of...↗2020

▶