CVE-2021-32029

Description

A flaw was found in PostgreSQL. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.242

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 13.3 | Windows
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 12.7 | Windows
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 11.12 | Windows
Vulnerabilities CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 10.17 | Windows
Vulnerabilities CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 9.6.22 | Windows
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 13.3 | Windows
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 12.7 | Windows
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 11.12 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.0.0 | Windows
postgresql-11 security update (DSA-4915-1) postgresql-11_11.12-0+deb10u1_i386.deb | Linux
postgresql-11 security update (DSA-4915-1) postgresql-11_11.12-0+deb10u1_amd64.deb | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-contrib-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-contrib-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-debugsource-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-docs-12.7-3.15.3.noarch.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plperl-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plperl-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plpython-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plpython-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-pltcl-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-pltcl-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-server-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1783-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-server-debuginfo-12.7-3.15.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libecpg6-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libecpg6-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-32bit-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-debuginfo-32bit-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-contrib-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-contrib-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-debugsource-13.3-3.9.2.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-debugsource-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-docs-13.3-3.9.3.noarch.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-plperl-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-plperl-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-plpython-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-plpython-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-pltcl-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-pltcl-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-server-13.3-3.9.3.x86_64.rpm | Linux
SUSE-SU-2021:1784-1 (SUSE Linux Enterprise Server 12-SP5) postgresql13-server-debuginfo-13.3-3.9.3.x86_64.rpm | Linux
Object-relational SQL database (USN-4972-1) postgresql-10_10.17-0ubuntu0.18.04.1_i386.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-10_10.17-0ubuntu0.18.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-12_12.7-0ubuntu0.20.04.1_i386.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-12_12.7-0ubuntu0.20.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-12_12.7-0ubuntu0.20.10.1_i386.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-12_12.7-0ubuntu0.20.10.1_amd64.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-13_13.3-0ubuntu0.21.04.1_i386.deb | Linux
Object-relational SQL database (USN-4972-1) postgresql-13_13.3-0ubuntu0.21.04.1_amd64.deb | Linux
(RHSA-2021:2372) postgresql:12 security update pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-contrib-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-debugsource-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-docs-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-plperl-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-plpython3-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-pltcl-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-server-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-server-devel-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-static-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-test-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-test-rpm-macros-12.7-1.module+el8.4.0+11288+c193d6d7.noarch.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-upgrade-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2372) postgresql:12 security update postgresql-upgrade-devel-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-contrib-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-debugsource-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-docs-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-plperl-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-plpython3-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-pltcl-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-server-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-server-devel-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-static-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-test-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-test-rpm-macros-13.3-1.module+el8.4.0+11254+85259292.noarch.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-upgrade-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
(RHSA-2021:2375) postgresql:13 security update postgresql-upgrade-devel-13.3-1.module+el8.4.0+11254+85259292.x86_64.rpm | Linux
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 13.3 (For Linux) | Linux
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 12.7 (For Linux) | Linux
Vulnerabilities CVE-2021-32029 Announcement, CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 11.12 (For Linux) | Linux
Vulnerabilities CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 10.17 (For Linux) | Linux
Vulnerabilities CVE-2021-32028 Announcement, CVE-2021-32027 Announcement are fixed in Postgresql 9.6.22 (For Linux) | Linux
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 13.3 (For Linux) | Linux
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 12.7 (For Linux) | Linux
Vulnerabilities CVE-2021-32029, CVE-2021-32028, CVE-2021-32027 are fixed in PostgreSQL 11.12 (For Linux) | Linux
postgresql:13 security update (RLSA-2021:2375) postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpm | Linux
postgresql:13 security update (RLSA-2021:2375) pgaudit-1.5.0-1.module+el8.5.0+684+c3892ef9.x86_64.rpm | Linux
postgresql:12 security update (RLSA-2021:2372) postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpm | Linux
