PT-2021-3135 · PostgreSQL+9

Tom Lane · Published 2021-05-12 · Updated 2026-04-03 · CVE-2021-32027

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 13.3
PostgreSQL versions prior to 12.7
PostgreSQL versions prior to 11.12
PostgreSQL versions prior to 10.17
PostgreSQL versions prior to 9.6.22

Description
A flaw was found in PostgreSQL that allows authenticated database users to write arbitrary bytes to a wide area of server memory due to missing bounds checks while modifying certain SQL array values. This issue poses a threat to data confidentiality and integrity, as well as system availability. The vulnerability can be exploited by a remote attacker using specially crafted SQL queries, potentially allowing the execution of arbitrary code.

Recommendations
For versions prior to 13.3, update to version 13.3 or later.
For versions prior to 12.7, update to version 12.7 or later.
For versions prior to 11.12, update to version 11.12 or later.
For versions prior to 10.17, update to version 10.17 or later.
For versions prior to 9.6.22, update to version 9.6.22 or later.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2021:2360
ALSA-2021:2372
ALSA-2021:2375
ALT-PU-2021-1820
ALT-PU-2021-1821
ALT-PU-2021-1822
ALT-PU-2021-1823
ALT-PU-2021-1824
ALT-PU-2021-1826
ALT-PU-2021-1848
ALT-PU-2021-1849
ALT-PU-2021-1850
ALT-PU-2021-1851
ALT-PU-2021-1852
ALT-PU-2021-1902
ALT-PU-2021-1903
ALT-PU-2021-1904
ALT-PU-2021-1905
ALT-PU-2021-2604
ALT-PU-2021-3564
BDU:2021-02776
BIT-POSTGRESQL-2021-32027
CESA-2021_2360
CESA-2021_2361
CESA-2021_2372
CESA-2021_2375
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2021-32027
DLA-2662-1
DSA-4915-1
ECHO-A2F0-E2F0-EE68
JLSEC-2026-31
MGASA-2021-0221
OPENSUSE-SU-2021:0894-1
OPENSUSE-SU-2021:1785-1
OPENSUSE-SU-2021:1970-1
OPENSUSE-SU-2021:1994-1
OPENSUSE-SU-2021_0894-1
OPENSUSE-SU-2021_1785-1
OPENSUSE-SU-2021_1970-1
OPENSUSE-SU-2021_1994-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
OPENSUSE-SU-2024:11186-1
OPENSUSE-SU-2024:11187-1
OPENSUSE-SU-2024:12387-1
OPENSUSE-SU-2024:13243-1
OPENSUSE-SU-2024:14360-1
OPENSUSE-SU-2025:15580-1
RHSA-2021:2360
RHSA-2021:2361
RHSA-2021:2372
RHSA-2021:2375
RHSA-2021:2389
RHSA-2021:2390
RHSA-2021:2391
RHSA-2021:2392
RHSA-2021:2393
RHSA-2021:2394
RHSA-2021:2395
RHSA-2021:2396
RHSA-2021:2397
RHSA-2021_2360
RHSA-2021_2361
RHSA-2021_2372
RHSA-2021_2375
RHSA-2021_2397
RLSA-2021:2360
RLSA-2021:2361
RLSA-2021:2372
RLSA-2021:2375
SUSE-SU-2021:1782-1
SUSE-SU-2021:1783-1
SUSE-SU-2021:1784-1
SUSE-SU-2021:1785-1
SUSE-SU-2021:1785-2
SUSE-SU-2021:1970-1
SUSE-SU-2021:1994-1
SUSE-SU-2021:2777-1
SUSE-SU-2021:3481-1
SUSE-SU-2021_1782-1
SUSE-SU-2021_1783-1
SUSE-SU-2021_1784-1
SUSE-SU-2021_1785-1
SUSE-SU-2021_1785-2
SUSE-SU-2021_1970-1
SUSE-SU-2021_1994-1
SUSE-SU-2021_2777-1
SUSE-SU-2021_3481-1
SUSE-SU-2022:2958-1
USN-4972-1
USN-5645-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PostgreSQL
Red Hat
Rocky Linux
SUSE
Ubuntu