High
PostgreSQL Global Development Group
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the userβs own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2019-08-20: Initial vulnerability report published.