PT-2019-2347 · Postgresql+2 · Postgresql+2

Noah Misch

Published

2019-05-08

Updated

2026-01-30

CVE-2019-10129

CVSS v2.0

7.1

High

Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions postgresql versions 11.x prior to 11.3

Description A vulnerability allows an attacker to read arbitrary bytes of server memory by using a specially crafted insert to a partitioned table. In the default configuration, any user can create a partitioned table suitable for this attack.

Recommendations For postgresql versions 11.x prior to 11.3, update to version 11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to create partitioned tables to minimize the risk of exploitation.

Fix

Out of bounds Read

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-200

Related Identifiers

ALT-PU-2019-1785

BDU:2019-02122

CLEANSTART-2026-FW42039

CLEANSTART-2026-HJ04971

CVE-2019-10129

MGASA-2019-0189

OPENSUSE-SU-2024:11185-1

USN-3972-1

Affected Products

Alt Linux

Postgresql

Ubuntu

PT-2019-2347 · Postgresql+2 · Postgresql+2

CVE-2019-10129

Weakness Enumeration

Related Identifiers

Affected Products

References · 120