CVE-2021-32028

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956877

https://www.postgresql.org/support/security/CVE-2021-32028

Details

Source: MITRE

Published: 2021-10-11

Updated: 2021-10-18

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
154321SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2021:3481-1)NessusSuSE Local Security Checks
high
153180Oracle Linux 8 : postgresql:10 (ELSA-2021-2361)NessusOracle Linux Local Security Checks
high
152754Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9428)NessusOracle Linux Local Security Checks
high
152691SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2021:2777-1)NessusSuSE Local Security Checks
high
151731openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:1970-1)NessusSuSE Local Security Checks
high
151725openSUSE 15 Security Update : postgresql12 (openSUSE-SU-2021:1994-1)NessusSuSE Local Security Checks
high
151684openSUSE 15 Security Update : postgresql13 (openSUSE-SU-2021:1785-1)NessusSuSE Local Security Checks
high
151492SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-2)NessusSuSE Local Security Checks
high
151075openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:0894-1)NessusSuSE Local Security Checks
high
150893SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:1994-1)NessusSuSE Local Security Checks
high
150891SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:1970-1)NessusSuSE Local Security Checks
high
150842CentOS 8 : postgresql:10 (CESA-2021:2361)NessusCentOS Local Security Checks
high
150840CentOS 8 : postgresql:9.6 (CESA-2021:2360)NessusCentOS Local Security Checks
high
150837CentOS 8 : postgresql:12 (CESA-2021:2372)NessusCentOS Local Security Checks
high
150834CentOS 8 : postgresql:13 (CESA-2021:2375)NessusCentOS Local Security Checks
high
150828RHEL 8 : postgresql:9.6 (RHSA-2021:2393)NessusRed Hat Local Security Checks
high
150825RHEL 8 : postgresql:9.6 (RHSA-2021:2360)NessusRed Hat Local Security Checks
high
150824RHEL 8 : postgresql:10 (RHSA-2021:2392)NessusRed Hat Local Security Checks
high
150817RHEL 8 : postgresql:10 (RHSA-2021:2361)NessusRed Hat Local Security Checks
high
150816RHEL 8 : postgresql:13 (RHSA-2021:2375)NessusRed Hat Local Security Checks
high
150815RHEL 8 : postgresql:12 (RHSA-2021:2372)NessusRed Hat Local Security Checks
high
150795RHEL 7 : rh-postgresql10-postgresql (RHSA-2021:2395)NessusRed Hat Local Security Checks
high
150792RHEL 7 : rh-postgresql13-postgresql (RHSA-2021:2396)NessusRed Hat Local Security Checks
high
150790RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:2394)NessusRed Hat Local Security Checks
high
150759RHEL 8 : postgresql:12 (RHSA-2021:2389)NessusRed Hat Local Security Checks
high
150758RHEL 8 : postgresql:10 (RHSA-2021:2390)NessusRed Hat Local Security Checks
high
150757RHEL 8 : postgresql:9.6 (RHSA-2021:2391)NessusRed Hat Local Security Checks
high
150724Oracle Linux 8 : postgresql:13 (ELSA-2021-2375)NessusOracle Linux Local Security Checks
high
150723Oracle Linux 8 : postgresql:12 (ELSA-2021-2372)NessusOracle Linux Local Security Checks
high
150493Oracle Linux 8 : postgresql:9.6 (ELSA-2021-2360)NessusOracle Linux Local Security Checks
high
150129Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : PostgreSQL vulnerabilities (USN-4972-1)NessusUbuntu Local Security Checks
high
150110SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2021:1782-1)NessusSuSE Local Security Checks
high
150106SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-1)NessusSuSE Local Security Checks
high
150101SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:1784-1)NessusSuSE Local Security Checks
high
150100SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2021:1783-1)NessusSuSE Local Security Checks
medium
149850PostgreSQL 9.6.x < 9.6.22 / 10.x < 10.17 / 11.x < 11.12 / 12.x < 12.7 / 13.x < 13.3 Multiple VulnerabilitiesNessusDatabases
high
149517Debian DLA-2662-1 : postgresql-9.6 security updateNessusDebian Local Security Checks
high
149490Debian DSA-4915-1 : postgresql-11 - security updateNessusDebian Local Security Checks
high