Home

CVE-2021-3393

Description

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.104

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-20229 Announcement,CVE-2021-3393 Announcement are fixed in Postgresql 13.2Windows
Vulnerabilities CVE-2021-3393 Announcement are fixed in Postgresql 11.11Windows
Vulnerabilities CVE-2021-3393 Announcement are fixed in Postgresql 12.6Windows
Vulnerabilities CVE-2021-20229,CVE-2021-3393 are fixed in PostgreSQL 13.2Windows
Vulnerabilities CVE-2021-3393 are fixed in PostgreSQL 12.6Windows
Vulnerabilities CVE-2021-3393 are fixed in PostgreSQL 11.11Windows
Object-relational SQL database (USN-4735-1) postgresql-12_12.6-0ubuntu0.20.04.1_i386.debLinux
Object-relational SQL database (USN-4735-1) postgresql-12_12.6-0ubuntu0.20.04.1_amd64.debLinux
Object-relational SQL database (USN-4735-1) postgresql-12_12.6-0ubuntu0.20.10.1_i386.debLinux
Object-relational SQL database (USN-4735-1) postgresql-12_12.6-0ubuntu0.20.10.1_amd64.debLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libecpg6-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libecpg6-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libpq5-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libpq5-32bit-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libpq5-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) libpq5-debuginfo-32bit-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-contrib-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-contrib-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-debugsource-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-docs-13.2-3.6.1.noarch.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-plperl-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-plperl-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-plpython-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-plpython-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-pltcl-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-pltcl-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-server-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:0545-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql13-server-debuginfo-13.2-3.6.1.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-contrib-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-contrib-debuginfo-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-debuginfo-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-debugsource-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-docs-12.7-3.15.3.noarch.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-plperl-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-plperl-debuginfo-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-plpython-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-plpython-debuginfo-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-pltcl-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-pltcl-debuginfo-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-server-12.7-3.15.3.x86_64.rpmLinux
SUSE-SU-2021:1783-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql12-server-debuginfo-12.7-3.15.3.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-contrib-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-debugsource-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-docs-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-plperl-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-plpython3-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-pltcl-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-server-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-server-devel-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-static-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-test-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-test-rpm-macros-12.7-1.module+el8.4.0+11288+c193d6d7.noarch.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-upgrade-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
(RHSA-2021:2372) postgresql:12 security update postgresql-upgrade-devel-12.7-1.module+el8.4.0+11288+c193d6d7.x86_64.rpmLinux
Vulnerabilities CVE-2021-20229 Announcement,CVE-2021-3393 Announcement are fixed in Postgresql 13.2 (For Linux)Linux
Vulnerabilities CVE-2021-3393 Announcement are fixed in Postgresql 11.11 (For Linux)Linux
Vulnerabilities CVE-2021-3393 Announcement are fixed in Postgresql 12.6 (For Linux)Linux
Vulnerabilities CVE-2021-20229,CVE-2021-3393 are fixed in PostgreSQL 13.2 (For Linux)Linux
Vulnerabilities CVE-2021-3393 are fixed in PostgreSQL 12.6 (For Linux)Linux
Vulnerabilities CVE-2021-3393 are fixed in PostgreSQL 11.11 (For Linux)Linux
postgresql:12 security update (RLSA-2021:2372) postgres-decoderbufs-0.10.0-2.module+el8.5.0+684+c3892ef9.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234