CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low (Percentile: 73.7%)

Some server error messages show the values of columns that violate a
constraint, such as a unique constraint. If the user does not have
SELECT privilege on all columns of the table, this could mean exposing
values that the user should not be able to see. Adjust the code so that
values are displayed only when they came from the SQL command or could
be selected by the user.
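
An audit query for the exposure condition in the paragraph above: roles that can write to a table but cannot SELECT every column. This is an added example, not code from the PostgreSQL project or from this advisory; it assumes you run it as a superuser in each database you want to check, and the output column names are illustrative.

```sql
-- Added example: list (role, table) pairs where the role may INSERT or UPDATE
-- but lacks SELECT on at least one column. These are the cases where a
-- constraint-violation error message could show a value the role cannot read.
SELECT r.rolname                              AS role_name,
       c.oid::regclass::text                  AS table_name,
       array_agg(a.attname ORDER BY a.attnum) AS unreadable_columns
FROM pg_class c
JOIN pg_namespace n
  ON n.oid = c.relnamespace
JOIN pg_attribute a
  ON a.attrelid = c.oid
 AND a.attnum > 0              -- skip system columns
 AND NOT a.attisdropped        -- skip dropped columns
CROSS JOIN pg_roles r
WHERE c.relkind IN ('r', 'p')  -- ordinary and partitioned tables
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT r.rolsuper           -- superusers can read everything anyway
  -- The role can trigger constraint checks: table-level or column-level
  -- INSERT/UPDATE (a table-level grant implies every column).
  AND has_any_column_privilege(r.oid, c.oid, 'INSERT, UPDATE')
  -- ...but this particular column is not readable by the role. Table-level
  -- SELECT, role membership and PUBLIC grants are all taken into account.
  AND NOT has_column_privilege(r.oid, c.oid, a.attnum, 'SELECT')
GROUP BY r.rolname, c.oid
ORDER BY role_name, table_name;
```

An empty result means no role in that database has write access without full read access, so the error-message issue had nothing to expose there.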

When to_char() processes a numeric formatting template calling for a
large number of digits, PostgreSQL would read past the end of a buffer.
When processing a crafted timestamp formatting template, PostgreSQL
would write past the end of a buffer. Either case could crash the
server. We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.

Errors in memory size tracking within the pgcrypto module permitted
stack buffer overruns and improper dependence on the contents of
uninitialized memory. The buffer overrun cases can crash the server, and
we have not ruled out the possibility of attacks that lead to privilege
escalation.

If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message’s data as a new
protocol message. An attacker able to submit crafted binary data within
a command parameter might succeed in injecting his own SQL commands this
way. Statement timeout and query cancellation are the most likely
sources of errors triggering this scenario. Particularly vulnerable are
applications that use a timeout and also submit arbitrary user-crafted
data as binary query parameters. Disabling statement timeout will
reduce, but not eliminate, the risk of exploit. Our thanks to Emil
Lenngren for reporting this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
any | any | any | postgresql | < 9.4.1-1 | UNKNOWN |