It was discovered that the PostgresQL planner could create incorrect plans
in certain circumstances. A remote attacker could use this issue to cause
PostgreSQL to crash, resulting in a denial of service, or possibly obtain
sensitive information from memory. This issue only affected Ubuntu 20.04
LTS and Ubuntu 21.04. (CVE-2021-3677)

It was discovered that PostgreSQL incorrectly handled certain SSL
renegotiation ClientHello messages from clients. A remote attacker could
possibly use this issue to cause PostgreSQL to crash, resulting in a denial
of service. (CVE-2021-3449)

References

ubuntu.com/security/CVE-2021-3449

ubuntu.com/security/CVE-2021-3677

ubuntu.com/security/notices/USN-5038-1

openvas 29

ubuntu 2

nessus 56

prion 2

veracode 2

altlinux 9

redhat 12

redhatcve 2

osv 12

cve 2

postgresql 1

suse 3

cbl_mariner 2

ibm 23

debiancve 2

alpinelinux 2

mageia 1

freebsd 2

ubuntucve 2

openssl 1

debian 3

seebug 1

mscve 1

githubexploit 2

rustsec 1

cloudfoundry 1

checkpoint_security 1

github 1

ics 1

f5 1

oraclelinux 3

rocky 3

almalinux 3

attackerkb 2

thn 1

cisco 1

archlinux 1

amazon 1

symantec 1

fedora 1

photon 1

freebsd_advisory 1

openvas

Ubuntu: Security Advisory (USN-5038-1)

2021-08-13 00:00:00

Mageia: Security Advisory (MGASA-2021-0424)

2022-01-28 00:00:00

openSUSE: Security Advisory for postgresql12 (openSUSE-SU-2021:3256-1)

2021-10-02 00:00:00

ubuntu

PostgreSQL vulnerabilities

2021-08-12 00:00:00

OpenSSL vulnerability

2021-03-25 00:00:00

nessus

Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5038-1)

2021-08-13 00:00:00

RHEL 8 : RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0] (Moderate) (RHSA-2022:4931)

2022-06-08 00:00:00

Puppet Enterprise < 2019.8.8 / 2021.x < 2021.3 PostgreSQL Vulnerability

2023-11-01 00:00:00

prion

Default configuration

2022-03-02 23:15:00

Null pointer dereference

2021-03-25 15:15:00

veracode

Information Disclosure

2021-08-14 06:40:09

Denial Of Service (DoS)

2021-03-25 16:28:32

altlinux

Security fix for the ALT Linux 10 package postgresql14 version 13.4-alt1

2021-08-11 00:00:00

Security fix for the ALT Linux 10 package postgresql13 version 13.4-alt1

2021-08-16 00:00:00

Security fix for the ALT Linux 9 package postgresql12 version 12.8-alt0.M90P.1

2021-08-23 00:00:00

redhat

(RHSA-2022:4931) Moderate: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]

2022-06-07 12:48:51

(RHSA-2021:1063) Important: openssl security update

2021-04-05 13:17:44

(RHSA-2021:1131) Important: openssl security update

2021-04-07 15:12:41

redhatcve

CVE-2021-3677

2021-09-07 11:37:31

CVE-2021-3449

2021-03-25 14:58:10

osv

BIT-postgresql-2021-3677

2024-03-06 11:04:28

CVE-2021-3677

2022-03-02 23:15:08

openssl-src NULL pointer Dereference in signature_algorithms processing

2021-08-25 20:54:02

cve

CVE-2021-3677

2022-03-02 23:15:00

CVE-2021-3449

2021-03-25 15:15:00

postgresql

Vulnerability in core server (CVE-2021-3677)

1970-01-01 00:00:00

suse

Security update for postgresql13 (moderate)

2021-09-29 00:00:00

Security update for postgresql12 (moderate)

2021-09-29 00:00:00

Security update for openssl-1_1 (important)

2021-03-26 00:00:00

cbl_mariner

CVE-2021-3677 affecting package postgresql 12.7-2

2022-04-26 20:17:02

CVE-2021-3677 affecting package postgresql 12.7-2

2022-08-12 16:45:08

ibm

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to sensitive information disclosure due to PostgreSQL (CVE-2021-3677)

2022-07-12 08:18:26

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-CVE-2021-3449)

2021-06-21 21:55:43

Security Bulletin: z/TPF is affected by an OpenSSL vulnerability

2021-04-29 15:58:54

debiancve

CVE-2021-3677

2022-03-02 23:15:00

CVE-2021-3449

2021-03-25 15:15:00

alpinelinux

CVE-2021-3677

2022-03-02 23:15:00

CVE-2021-3449

2021-03-25 15:15:00

mageia

Updated postgresql packages fix security vulnerability

2021-09-23 07:49:29

freebsd

PostgreSQL server -- Memory disclosure in certain queries

2021-08-12 00:00:00

OpenSSL -- Multiple vulnerabilities

2021-03-25 00:00:00

ubuntucve

CVE-2021-3677

2021-08-12 00:00:00

CVE-2021-3449

2021-03-25 00:00:00

openssl

Vulnerability in OpenSSL CVE-2021-3449

2021-03-25 00:00:00

debian

[SECURITY] [DSA 4875-1] openssl security update

2021-03-25 15:41:28

[SECURITY] [DLA 2751-1] postgresql-9.6 security update

2021-08-31 14:03:14

[SECURITY] [DSA 4875-1] openssl security update

2021-03-25 15:41:28

seebug

OpenSSL 拒绝服务攻击（CVE-2021-3449）

2021-03-29 00:00:00

mscve

OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing

2021-10-12 07:00:00

githubexploit

Exploit for NULL Pointer Dereference in Openssl

2023-09-08 10:53:39

Exploit for NULL Pointer Dereference in Openssl

2021-03-26 01:09:25

rustsec

NULL pointer deref in signature_algorithms processing

2021-05-01 12:00:00

cloudfoundry

USN-4891-1: OpenSSL vulnerability | Cloud Foundry

2021-04-14 00:00:00

checkpoint_security

Check Point Response to OpenSSL CVE-2021-3449

2021-04-10 23:31:27

github

openssl-src NULL pointer Dereference in signature_algorithms processing

2021-08-25 20:54:02

ics

Siemens OpenSSL Vulnerabilities in Industrial Products (Update B)

2022-08-11 12:00:00

K83623027 : OpenSSL vulnerability CVE-2021-3449

2021-03-26 00:00:00

oraclelinux

postgresql:12 security update

2021-12-22 00:00:00

postgresql:13 security update

2021-12-22 00:00:00

openssl security update

2021-03-29 00:00:00

rocky

postgresql:12 security update

2021-12-21 09:10:31

postgresql:13 security update

2021-12-21 09:10:35

openssl security update

2021-03-29 19:03:22

almalinux

Moderate: postgresql:12 security update

2021-12-21 09:10:31

Moderate: postgresql:13 security update

2021-12-21 09:10:35

Important: openssl security update

2021-03-29 19:03:22

attackerkb

CVE-2021-3450

2021-03-25 00:00:00

OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449

2021-03-25 00:00:00

thn

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities

2021-03-26 14:56:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

2021-03-25 16:00:00

archlinux

[ASA-202103-10] openssl: multiple issues

2021-03-25 00:00:00

amazon

Important: openssl11

2021-03-25 18:31:00

symantec

OpenSSL Vulnerabilities Mar 2021

2021-04-07 19:44:57

fedora

[SECURITY] Fedora 34 Update: openssl-1.1.1k-1.fc34

2021-04-01 00:53:20

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0331

2021-03-25 00:00:00

freebsd_advisory

FreeBSD-SA-21:07.openssl

2021-03-25 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for OSV:USN-5038-1