Описание
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
A memory disclosure vulnerability in table partitioning was found in postgresql, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
Отчет
This issue did not affect the versions of PostgreSQL as shipped with Red Hat Satellite 5 and CloudForms 5 as they use PostgreSQL version 9.x and this vulnerability is specific to PostgreSQL 10.x.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rh-postgresql94-postgresql | Not affected | ||
| CloudForms Management Engine 5 | rh-postgresql95-postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | postgresql | Not affected | ||
| Red Hat JBoss Operations Network 3 | postgresql | Not affected | ||
| Red Hat Mobile Application Platform 4 | postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
Memory disclosure vulnerability in table partitioning was found in pos ...
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
Уязвимость системы управления базами данных PostgreSQL, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
6.5 Medium
CVSS3