PT-2019-2540 · PostgreSQL+5

Alexander Lakhin · Published 2019-06-19 · Updated 2024-06-15 · CVE-2019-10164

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 10.x through 10.8
PostgreSQL versions 11.x through 11.3

Description

The issue is caused by a stack-based buffer overflow in the PostgreSQL database management system. This can be exploited by an authenticated user changing their own password to a specially crafted value, potentially allowing the execution of arbitrary code as the PostgreSQL operating system account.

Recommendations

For PostgreSQL versions 10.x through 10.8, update to version 10.9 or later.
For PostgreSQL versions 11.x through 11.3, update to version 11.4 or later.
As a temporary workaround, consider restricting password changes for users until a patch is applied.

Fix

Stack Overflow

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2103
ALT-PU-2019-2104
ALT-PU-2019-2105
ALT-PU-2019-2127
ALT-PU-2019-2128
ALT-PU-2019-2129
BDU:2019-02385
CESA-2020_3669
CVE-2019-10164
MGASA-2019-0204
OPENSUSE-SU-2019:1773-1
OPENSUSE-SU-2019_1773-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
RHSA-2020:0980
RHSA-2020:3669
RHSA-2020:5664
RHSA-2020_3669
RHSA-2021:0166
SUSE-RU-2020:1280-1
SUSE-SU-2019:1783-1
SUSE-SU-2019:1783-2
SUSE-SU-2019:1783-3
SUSE-SU-2019:1810-1
SUSE-SU-2019:2012-1
SUSE-SU-2019_1783-1
SUSE-SU-2019_1783-2
USN-4027-1

Affected Products

Alt Linux
CentOS
PostgreSQL
Red Hat
SUSE
Ubuntu