Home

CVE-2019-10129

Description

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.442

Associated Vulnerability

VulnerabilityOS Platform
Update Postgresql to version 11.3Windows
Vulnerabilities CVE-2019-10130,CVE-2019-10129,CVE-2019-10128,CVE-2019-10127 are fixed in PostgreSQL 11.3Windows
object-relational SQL database (USN-3972-1) postgresql-9.5_9.5.17-0ubuntu0.16.04.1_i386.debLinux
object-relational SQL database (USN-3972-1) postgresql-9.5_9.5.17-0ubuntu0.16.04.1_amd64.debLinux
Update Postgresql to version 11.3 (For Linux)Linux
Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpmLinux
Vulnerabilities CVE-2019-10130,CVE-2019-10129,CVE-2019-10128,CVE-2019-10127 are fixed in PostgreSQL 11.3 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234