Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-17446

Опубликовано: 12 авг. 2020
Источник: debian
EPSS Низкий

Описание

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
asyncpgfixed0.21.0-1package

Примечания

  • https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0

EPSS

Процентиль: 84%
0.02141
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-17446

CVSS3: 9.8
ubuntu
больше 5 лет назад

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

nvd логотип

CVE-2020-17446

CVSS3: 9.8
nvd
больше 5 лет назад

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

github логотип

GHSA-2xpj-f5g2-8p7m

CVSS3: 9.8
github
почти 5 лет назад

Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer

EPSS

Процентиль: 84%
0.02141
Низкий