| VID |
25314 |
| Severity |
40 |
| Port |
5432 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The version of PostgreSQL installed on the remote host is 10.x prior to 10.9. As such, it is potentially affected by a stack overflow vulnerability. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value.
* References:
https://www.postgresql.org/about/news/1949/ https://access.redhat.com/security/cve/CVE-2019-10164
* Platforms Affected:
PostgreSQL 10.x prior to 10.9
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PostgreSQL (10.9 or later), available from the PostgreSQL Web page at http://www.postgresql.org/download/ |
| Related URL |
CVE-2019-10164 (CVE) |
| Related URL |
108875 (SecurityFocus) |
| Related URL |
(ISS) |
|
