CVE-2021-32027

high

Description

A flaw was found in PostgreSQL in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://www.postgresql.org/support/security/CVE-2021-32027/

https://bugzilla.redhat.com/show_bug.cgi?id=1956876

https://security.netapp.com/advisory/ntap-20210713-0004/

Details

Source: MITRE

Published: 2021-06-01

Updated: 2021-09-14

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 154534 | NewStart CGSL CORE 5.04 / MAIN 5.04 : postgresql Vulnerability (NS-SA-2021-0116) | Nessus | NewStart CGSL Local Security Checks | high |
| 154402 | EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2021-2607) | Nessus | Huawei Local Security Checks | high |
| 154321 | SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2021:3481-1) | Nessus | SuSE Local Security Checks | high |
| 153274 | EulerOS 2.0 SP2 : postgresql (EulerOS-SA-2021-2426) | Nessus | Huawei Local Security Checks | high |
| 153180 | Oracle Linux 8 : postgresql:10 (ELSA-2021-2361) | Nessus | Oracle Linux Local Security Checks | high |
| 153066 | EulerOS 2.0 SP5 : postgresql (EulerOS-SA-2021-2344) | Nessus | Huawei Local Security Checks | high |
| 152754 | Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9428) | Nessus | Oracle Linux Local Security Checks | high |
| 152691 | SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2021:2777-1) | Nessus | SuSE Local Security Checks | high |
| 152399 | EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2021-2312) | Nessus | Huawei Local Security Checks | high |
| 151731 | openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:1970-1) | Nessus | SuSE Local Security Checks | high |
| 151725 | openSUSE 15 Security Update : postgresql12 (openSUSE-SU-2021:1994-1) | Nessus | SuSE Local Security Checks | high |
| 151684 | openSUSE 15 Security Update : postgresql13 (openSUSE-SU-2021:1785-1) | Nessus | SuSE Local Security Checks | high |
| 151507 | Amazon Linux AMI : postgresql96 (ALAS-2021-1520) | Nessus | Amazon Linux Local Security Checks | high |
| 151492 | SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-2) | Nessus | SuSE Local Security Checks | high |
| 151075 | openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:0894-1) | Nessus | SuSE Local Security Checks | high |
| 150893 | SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:1994-1) | Nessus | SuSE Local Security Checks | high |
| 150891 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:1970-1) | Nessus | SuSE Local Security Checks | high |
| 150842 | CentOS 8 : postgresql:10 (CESA-2021:2361) | Nessus | CentOS Local Security Checks | high |
| 150840 | CentOS 8 : postgresql:9.6 (CESA-2021:2360) | Nessus | CentOS Local Security Checks | high |
| 150837 | CentOS 8 : postgresql:12 (CESA-2021:2372) | Nessus | CentOS Local Security Checks | high |
| 150834 | CentOS 8 : postgresql:13 (CESA-2021:2375) | Nessus | CentOS Local Security Checks | high |
| 150828 | RHEL 8 : postgresql:9.6 (RHSA-2021:2393) | Nessus | Red Hat Local Security Checks | high |
| 150825 | RHEL 8 : postgresql:9.6 (RHSA-2021:2360) | Nessus | Red Hat Local Security Checks | high |
| 150824 | RHEL 8 : postgresql:10 (RHSA-2021:2392) | Nessus | Red Hat Local Security Checks | high |
| 150817 | RHEL 8 : postgresql:10 (RHSA-2021:2361) | Nessus | Red Hat Local Security Checks | high |
| 150816 | RHEL 8 : postgresql:13 (RHSA-2021:2375) | Nessus | Red Hat Local Security Checks | high |
| 150815 | RHEL 8 : postgresql:12 (RHSA-2021:2372) | Nessus | Red Hat Local Security Checks | high |
| 150795 | RHEL 7 : rh-postgresql10-postgresql (RHSA-2021:2395) | Nessus | Red Hat Local Security Checks | high |
| 150792 | RHEL 7 : rh-postgresql13-postgresql (RHSA-2021:2396) | Nessus | Red Hat Local Security Checks | high |
| 150790 | RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:2394) | Nessus | Red Hat Local Security Checks | high |
| 150779 | Oracle Linux 7 : postgresql (ELSA-2021-2397) | Nessus | Oracle Linux Local Security Checks | high |
| 150768 | Scientific Linux Security Update : postgresql on SL7.x i686/x86_64 (2021:2397) | Nessus | Scientific Linux Local Security Checks | high |
| 150759 | RHEL 8 : postgresql:12 (RHSA-2021:2389) | Nessus | Red Hat Local Security Checks | high |
| 150758 | RHEL 8 : postgresql:10 (RHSA-2021:2390) | Nessus | Red Hat Local Security Checks | high |
| 150757 | RHEL 8 : postgresql:9.6 (RHSA-2021:2391) | Nessus | Red Hat Local Security Checks | high |
| 150756 | RHEL 7 : postgresql (RHSA-2021:2397) | Nessus | Red Hat Local Security Checks | high |
| 150724 | Oracle Linux 8 : postgresql:13 (ELSA-2021-2375) | Nessus | Oracle Linux Local Security Checks | high |
| 150723 | Oracle Linux 8 : postgresql:12 (ELSA-2021-2372) | Nessus | Oracle Linux Local Security Checks | high |
| 150493 | Oracle Linux 8 : postgresql:9.6 (ELSA-2021-2360) | Nessus | Oracle Linux Local Security Checks | high |
| 150129 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : PostgreSQL vulnerabilities (USN-4972-1) | Nessus | Ubuntu Local Security Checks | high |
| 150110 | SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2021:1782-1) | Nessus | SuSE Local Security Checks | high |
| 150106 | SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-1) | Nessus | SuSE Local Security Checks | high |
| 150101 | SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:1784-1) | Nessus | SuSE Local Security Checks | high |
| 150100 | SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2021:1783-1) | Nessus | SuSE Local Security Checks | medium |
| 149850 | PostgreSQL 9.6.x < 9.6.22 / 10.x < 10.17 / 11.x < 11.12 / 12.x < 12.7 / 13.x < 13.3 Multiple Vulnerabilities | Nessus | Databases | high |
| 149517 | Debian DLA-2662-1 : postgresql-9.6 security update | Nessus | Debian Local Security Checks | high |
| 149490 | Debian DSA-4915-1 : postgresql-11 - security update | Nessus | Debian Local Security Checks | high |