← Zuruck zu CVEs
CVE-2021-32028
MEDIUM6.5
Beschreibung
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht10/11/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
postgresql:postgresql
Schwachen (CWE)
CWE-200
Referenzen
https://bugzilla.redhat.com/show_bug.cgi?id=1956877(secalert@redhat.com)
https://security.gentoo.org/glsa/202211-04(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20211112-0003/(secalert@redhat.com)
https://www.postgresql.org/support/security/CVE-2021-32028(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1956877(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202211-04(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211112-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.postgresql.org/support/security/CVE-2021-32028(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.