CVE-2021-32028medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1956877
Details
Source: MITRE
Published: 2021-10-11
Updated: 2021-11-12
Type: CWE-200
Risk Information
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 154321 | SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2021:3481-1) | Nessus | SuSE Local Security Checks | high |
| 153180 | Oracle Linux 8 : postgresql:10 (ELSA-2021-2361) | Nessus | Oracle Linux Local Security Checks | high |
| 152754 | Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9428) | Nessus | Oracle Linux Local Security Checks | high |
| 152691 | SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2021:2777-1) | Nessus | SuSE Local Security Checks | high |
| 151731 | openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:1970-1) | Nessus | SuSE Local Security Checks | high |
| 151725 | openSUSE 15 Security Update : postgresql12 (openSUSE-SU-2021:1994-1) | Nessus | SuSE Local Security Checks | high |
| 151684 | openSUSE 15 Security Update : postgresql13 (openSUSE-SU-2021:1785-1) | Nessus | SuSE Local Security Checks | high |
| 151492 | SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-2) | Nessus | SuSE Local Security Checks | high |
| 151075 | openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:0894-1) | Nessus | SuSE Local Security Checks | high |
| 150893 | SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:1994-1) | Nessus | SuSE Local Security Checks | high |
| 150891 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:1970-1) | Nessus | SuSE Local Security Checks | high |
| 150842 | CentOS 8 : postgresql:10 (CESA-2021:2361) | Nessus | CentOS Local Security Checks | high |
| 150840 | CentOS 8 : postgresql:9.6 (CESA-2021:2360) | Nessus | CentOS Local Security Checks | high |
| 150837 | CentOS 8 : postgresql:12 (CESA-2021:2372) | Nessus | CentOS Local Security Checks | high |
| 150834 | CentOS 8 : postgresql:13 (CESA-2021:2375) | Nessus | CentOS Local Security Checks | high |
| 150828 | RHEL 8 : postgresql:9.6 (RHSA-2021:2393) | Nessus | Red Hat Local Security Checks | high |
| 150825 | RHEL 8 : postgresql:9.6 (RHSA-2021:2360) | Nessus | Red Hat Local Security Checks | high |
| 150824 | RHEL 8 : postgresql:10 (RHSA-2021:2392) | Nessus | Red Hat Local Security Checks | high |
| 150817 | RHEL 8 : postgresql:10 (RHSA-2021:2361) | Nessus | Red Hat Local Security Checks | high |
| 150816 | RHEL 8 : postgresql:13 (RHSA-2021:2375) | Nessus | Red Hat Local Security Checks | high |
| 150815 | RHEL 8 : postgresql:12 (RHSA-2021:2372) | Nessus | Red Hat Local Security Checks | high |
| 150795 | RHEL 7 : rh-postgresql10-postgresql (RHSA-2021:2395) | Nessus | Red Hat Local Security Checks | high |
| 150792 | RHEL 7 : rh-postgresql13-postgresql (RHSA-2021:2396) | Nessus | Red Hat Local Security Checks | high |
| 150790 | RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:2394) | Nessus | Red Hat Local Security Checks | high |
| 150759 | RHEL 8 : postgresql:12 (RHSA-2021:2389) | Nessus | Red Hat Local Security Checks | high |
| 150758 | RHEL 8 : postgresql:10 (RHSA-2021:2390) | Nessus | Red Hat Local Security Checks | high |
| 150757 | RHEL 8 : postgresql:9.6 (RHSA-2021:2391) | Nessus | Red Hat Local Security Checks | high |
| 150724 | Oracle Linux 8 : postgresql:13 (ELSA-2021-2375) | Nessus | Oracle Linux Local Security Checks | high |
| 150723 | Oracle Linux 8 : postgresql:12 (ELSA-2021-2372) | Nessus | Oracle Linux Local Security Checks | high |
| 150493 | Oracle Linux 8 : postgresql:9.6 (ELSA-2021-2360) | Nessus | Oracle Linux Local Security Checks | high |
| 150129 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : PostgreSQL vulnerabilities (USN-4972-1) | Nessus | Ubuntu Local Security Checks | high |
| 150110 | SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2021:1782-1) | Nessus | SuSE Local Security Checks | high |
| 150106 | SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-1) | Nessus | SuSE Local Security Checks | high |
| 150101 | SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:1784-1) | Nessus | SuSE Local Security Checks | high |
| 150100 | SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2021:1783-1) | Nessus | SuSE Local Security Checks | medium |
| 149850 | PostgreSQL 9.6.x < 9.6.22 / 10.x < 10.17 / 11.x < 11.12 / 12.x < 12.7 / 13.x < 13.3 Multiple Vulnerabilities | Nessus | Databases | high |
| 149517 | Debian DLA-2662-1 : postgresql-9.6 security update | Nessus | Debian Local Security Checks | high |
| 149490 | Debian DSA-4915-1 : postgresql-11 - security update | Nessus | Debian Local Security Checks | high |