Описание
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
Ссылки
- PatchRelease NotesThird Party Advisory
- Mailing ListThird Party Advisory
- PatchRelease NotesThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.21.0 (исключая)
cpe:2.3:a:magic:asyncpg:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02141
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-824
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
CVSS3: 9.8
debian
больше 5 лет назад
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...
CVSS3: 9.8
github
почти 5 лет назад
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
EPSS
Процентиль: 84%
0.02141
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-824