asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
asyncpg | lt | 0.21.0 |