Detections
Analytics
Alpine: postgresql: security update to 11.3-r2 (deprecated)
high Tenable Cloud Security Plugin ID 400546
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer
overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to
a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system
account. (CVE-2019-10164)
See Also
https://git.alpinelinux.org/aports/commit/?id=4e3c1f5319f45388cb33a9948fc84edb725c0be4
https://git.alpinelinux.org/aports/commit/?id=6a033ac469647786c8b26d97bc6fad0fa1d35eac
Plugin Details
Severity: High
ID: 400546
Version: Revision 1.24
Type: Local
Published: 8/16/2023
Updated: 1/23/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2019-10164
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 6/28/2019
Vulnerability Publication Date: 6/20/2019
Reference Information
CVE: CVE-2019-10164
BID: 108875
IAVB: 2019-B-0050