CVE-2021-32029

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

References

https://www.postgresql.org/support/security/CVE-2021-32029/

https://bugzilla.redhat.com/show_bug.cgi?id=1956883

Details

Source: MITRE

Published: 2021-10-08

Updated: 2021-10-15

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
151725openSUSE 15 Security Update : postgresql12 (openSUSE-SU-2021:1994-1)NessusSuSE Local Security Checks
high
151684openSUSE 15 Security Update : postgresql13 (openSUSE-SU-2021:1785-1)NessusSuSE Local Security Checks
high
151492SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-2)NessusSuSE Local Security Checks
high
150893SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:1994-1)NessusSuSE Local Security Checks
high
150837CentOS 8 : postgresql:12 (CESA-2021:2372)NessusCentOS Local Security Checks
high
150834CentOS 8 : postgresql:13 (CESA-2021:2375)NessusCentOS Local Security Checks
high
150816RHEL 8 : postgresql:13 (RHSA-2021:2375)NessusRed Hat Local Security Checks
high
150815RHEL 8 : postgresql:12 (RHSA-2021:2372)NessusRed Hat Local Security Checks
high
150792RHEL 7 : rh-postgresql13-postgresql (RHSA-2021:2396)NessusRed Hat Local Security Checks
high
150790RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:2394)NessusRed Hat Local Security Checks
high
150759RHEL 8 : postgresql:12 (RHSA-2021:2389)NessusRed Hat Local Security Checks
high
150724Oracle Linux 8 : postgresql:13 (ELSA-2021-2375)NessusOracle Linux Local Security Checks
high
150723Oracle Linux 8 : postgresql:12 (ELSA-2021-2372)NessusOracle Linux Local Security Checks
high
150129Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : PostgreSQL vulnerabilities (USN-4972-1)NessusUbuntu Local Security Checks
high
150106SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:1785-1)NessusSuSE Local Security Checks
high
150101SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:1784-1)NessusSuSE Local Security Checks
high
150100SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2021:1783-1)NessusSuSE Local Security Checks
medium
149850PostgreSQL 9.6.x < 9.6.22 / 10.x < 10.17 / 11.x < 11.12 / 12.x < 12.7 / 13.x < 13.3 Multiple VulnerabilitiesNessusDatabases
high
149490Debian DSA-4915-1 : postgresql-11 - security updateNessusDebian Local Security Checks
high