Veracode Vulnerability Database, VERACODE:44391
History: Nov 27, 2023 - 9:07 p.m.

Memory Disclosure

2023-11-27 21:07:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
postgresql
memory disclosure
aggregate function calls
remote users
sensitive information

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.2 Medium
Confidence: Low

EPSS: 0.002 Low
Percentile: 55.3%

PostgreSQL is vulnerable to memory disclosure. The vulnerability is caused by excessive data output in aggregate function calls, which enables remote users to read some portion of system memory. An attacker can access sensitive information by exploiting certain aggregate function calls with unknown-type arguments: unknown-type values from string literals without a type designation can disclose bytes, potentially revealing notable and confidential information.
