PT-2019-2540 · Postgresql+5

Alexander Lakhin · Published 2019-06-19 · Updated 2024-06-15 · CVE-2019-10164

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 10.x through 10.8
PostgreSQL versions 11.x through 11.3

Description

The issue is caused by a stack-based buffer overflow in the PostgreSQL database management system. This can be exploited by an authenticated user changing their own password to a specially crafted value, potentially allowing the execution of arbitrary code as the PostgreSQL operating system account.

Recommendations

For PostgreSQL versions 10.x through 10.8, update to version 10.9 or later. For PostgreSQL versions 11.x through 11.3, update to version 11.4 or later. As a temporary workaround, consider restricting password changes for users until a patch is applied.

Fix

Stack Overflow

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2103
ALT-PU-2019-2104
ALT-PU-2019-2105
ALT-PU-2019-2127
ALT-PU-2019-2128
ALT-PU-2019-2129
BDU:2019-02385
CESA-2020_3669
CVE-2019-10164
MGASA-2019-0204
OPENSUSE-SU-2019:1773-1
OPENSUSE-SU-2019_1773-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
RHSA-2020:0980
RHSA-2020:3669
RHSA-2020:5664
RHSA-2020_3669
RHSA-2021:0166
SUSE-RU-2020:1280-1
SUSE-SU-2019:1783-1
SUSE-SU-2019:1783-2
SUSE-SU-2019:1783-3
SUSE-SU-2019:1810-1
SUSE-SU-2019:2012-1
SUSE-SU-2019_1783-1
SUSE-SU-2019_1783-2
USN-4027-1

Affected Products

Alt Linux
CentOS
PostgreSQL
Red Hat
SUSE
Ubuntu