CVE-2019-10164

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164

https://lists.fedoraproject.org/archives/list/[email protected]/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/

https://security.gentoo.org/glsa/202003-03

https://www.postgresql.org/about/news/1949/

Details

Source: MITRE

Published: 2019-06-26

Updated: 2020-10-02

Type: CWE-787

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
150722Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9290)NessusOracle Linux Local Security Checks
high
145882CentOS 8 : postgresql:10 (CESA-2020:3669)NessusCentOS Local Security Checks
high
145243RHEL 8 : postgresql:10 (RHSA-2021:0166)NessusRed Hat Local Security Checks
high
144559RHEL 8 : postgresql:10 (RHSA-2020:5664)NessusRed Hat Local Security Checks
high
140486Oracle Linux 8 : postgresql:10 (ELSA-2020-3669)NessusOracle Linux Local Security Checks
high
140398RHEL 8 : postgresql:10 (RHSA-2020:3669)NessusRed Hat Local Security Checks
high
134470GLSA-202003-03 : PostgreSQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
128193EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2019-1824)NessusHuawei Local Security Checks
high
127752SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2012-1)NessusSuSE Local Security Checks
high
127744SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-2)NessusSuSE Local Security Checks
high
127085Fedora 29 : postgresql (2019-e43f49b428)NessusFedora Local Security Checks
high
127081Fedora 30 : libpq / postgresql (2019-9f04a701c0)NessusFedora Local Security Checks
high
126955Photon OS 1.0: Postgresql PHSA-2019-1.0-0243NessusPhotonOS Local Security Checks
high
126905openSUSE Security Update : postgresql10 (openSUSE-2019-1773)NessusSuSE Local Security Checks
high
126618SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:1810-1)NessusSuSE Local Security Checks
high
126595SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-1)NessusSuSE Local Security Checks
high
126315FreeBSD : PostgreSQL -- Stack-based buffer overflow via setting a password (245629d4-991e-11e9-82aa-6cc21735f730)NessusFreeBSD Local Security Checks
high
126309PostgreSQL 10.x < 10.9 / 11.x < 11.4 Stack Overflow Vulnerability (CVE-2019-10164)NessusDatabases
high
126098Ubuntu 18.04 LTS / 18.10 / 19.04 : PostgreSQL vulnerability (USN-4027-1)NessusUbuntu Local Security Checks
high