Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3677

Опубликовано: 12 авг. 2021
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of Debezium 1postgresqlNot affected
Red Hat build of QuarkuspostgresqlNot affected
Red Hat Decision Manager 7postgresqlNot affected
Red Hat Enterprise Linux 5postgresqlNot affected
Red Hat Enterprise Linux 7postgresqlNot affected
Red Hat Enterprise Linux 8libpqNot affected
Red Hat Enterprise Linux 8postgresql:10/postgresqlNot affected
Red Hat Enterprise Linux 8postgresql:9.6/postgresqlNot affected
Red Hat Enterprise Linux 9postgresqlNot affected
Red Hat Fuse 7postgresqlNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2001857postgresql: memory disclosure in certain queries

EPSS

Процентиль: 40%
0.00177
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3677

CVSS3: 6.5
ubuntu
больше 3 лет назад

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

nvd логотип

CVE-2021-3677

CVSS3: 6.5
nvd
больше 3 лет назад

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

msrc логотип

CVE-2021-3677

CVSS3: 6.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-3677

CVSS3: 6.5
debian
больше 3 лет назад

A flaw was found in postgresql. A purpose-crafted query can read arbit ...

suse-cvrf логотип

openSUSE-SU-2021:3256-1

suse-cvrf
больше 3 лет назад

Security update for postgresql12

EPSS

Процентиль: 40%
0.00177
Низкий

6.5 Medium

CVSS3