Lucene search

[email protected]CVE-2020-17446

HistoryAug 12, 2020 - 4:15 p.m.

CVE-2020-17446

2020-08-1216:15:11

CWE-824

[email protected]

web.nvd.nist.gov

asyncpg

cve-2020-17446

security

postgresql

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

Affected configurations

NVD

Node

magicasyncpgRange<0.21.0

Node

debiandebian_linuxMatch9.0

CPENameOperatorVersion
magic:asyncpgmagic asyncpglt0.21.0

CPE	Name	Operator	Version
magic:asyncpg	magic asyncpg	lt	0.21.0

References

github.com/MagicStack/asyncpg/releases/tag/v0.21.0

lists.debian.org/debian-lts-announce/2020/09/msg00002.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVE-2020-17446

prion1 debian1 ubuntucve1 osv4 nvd1 debiancve1 veracode1 openvas1 nessus1 cvelist1 github1