Korean
<< Back
VID 25357
Severity 40
Port 5432
Protocol TCP
Class DB
Detailed Description The version of PostgreSQL installed on the remote host is 9.6 prior to 9.6.22, 10 prior to 10.17, 11 prior to 11.12, 12 prior to 12.7, or 13 prior to 13.3. As such, it is potentially affected by multiple vulnerabilities :

- Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

- Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

- Memory disclosure in partitioned-table UPDATE ... RETURNING (CVE-2021-32029)

* References:
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
http://www.postgresql.org/support/security/CVE-2021-32029/
http://www.postgresql.org/support/security/CVE-2021-32028/
http://www.postgresql.org/support/security/CVE-2021-32027/

* Platforms Affected:
PostgreSQL 9.6.x prior to 9.6.22
Any operating system Any version
Recommendation Upgrade to the latest version of PostgreSQL (9.6.22 or later), available from the PostgreSQL Web page at http://www.postgresql.org/download/
Related URL CVE-2021-3393,CVE-2021-20229 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)