Home

CVE-2019-10164

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the users own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.903

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Postgresql 11.3Windows
Vulnerabilities CVE-2019-10164 are fixed in PostgreSQL 11.4Windows
Vulnerabilities CVE-2019-10164 are fixed in PostgreSQL 10.9Windows
Multiple vulnerabilities affected in Postgresql 11.3 (For Linux)Linux
Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpmLinux
Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpmLinux
Vulnerabilities CVE-2019-10164 are fixed in PostgreSQL 11.4 (For Linux)Linux
Vulnerabilities CVE-2019-10164 are fixed in PostgreSQL 10.9 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234