CVE-2018-1052

Name of the Vulnerable Software and Affected Versions postgresql versions 10.x prior to 10.2

Description A memory disclosure issue was found in the table partitioning of postgresql, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. The issue is related to the lack of protection of service data, which can be exploited by a remote attacker to disclose protected information.

Recommendations For postgresql versions 10.x prior to 10.2, update to version 10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to partitioned tables to minimize the risk of exploitation. Avoid using manipulated insertions to partitioned tables until the issue is resolved.