PT-2021-1982 · Unknown+10 · Postgresql+9

Heikki Linnakangas

·

Published

2021-02-10

·

Updated

2026-01-30

·

CVE-2021-3393

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions postgresql versions prior to 13.2 postgresql versions prior to 12.6 postgresql versions prior to 11.11
Description An information leak was discovered in postgresql. A user with UPDATE permission but not SELECT permission to a particular column could craft queries that might disclose values from that column in error messages under certain circumstances. This could allow an attacker to obtain information stored in a column they are allowed to write but not read.
Recommendations For versions prior to 13.2, update to version 13.2 or later to resolve the issue. For versions prior to 12.6, update to version 12.6 or later to resolve the issue. For versions prior to 11.11, update to version 11.11 or later to resolve the issue.

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

CWE-200CWE-209

Related Identifiers

ALSA-2021:2372
ALT-PU-2021-1291
ALT-PU-2021-1292
ALT-PU-2021-1293
ALT-PU-2021-1294
ALT-PU-2021-1372
ALT-PU-2021-1373
ALT-PU-2021-1374
ALT-PU-2021-1852
ALT-PU-2021-1904
ALT-PU-2021-1905
BDU:2021-00810
BIT-POSTGRESQL-2021-3393
CESA-2021_2372
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2021-3393
ECHO-706E-B12C-B1D5
MGASA-2021-0121
OPENSUSE-SU-2021:0423-1
OPENSUSE-SU-2021_0423-1
OPENSUSE-SU-2024:11185-1
OPENSUSE-SU-2024:11186-1
OPENSUSE-SU-2024:11187-1
OPENSUSE-SU-2024:12387-1
OPENSUSE-SU-2024:13243-1
OPENSUSE-SU-2024:14360-1
OPENSUSE-SU-2025:15580-1
RHSA-2021:2372
RHSA-2021:2389
RHSA-2021:2394
RHSA-2021_2372
RLSA-2021:2372
SUSE-SU-2021:0543-1
SUSE-SU-2021:0544-1
SUSE-SU-2021:0545-1
SUSE-SU-2021:0695-1
SUSE-SU-2021:1783-1
SUSE-SU-2021_0544-1
SUSE-SU-2021_0695-1
USN-4735-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Postgresql
Red Hat
Rocky Linux
Suse
Ubuntu