Vulnerability Description
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | >= 9.6.0, < 9.6.22 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956877Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/202211-04Third Party Advisory
- https://security.netapp.com/advisory/ntap-20211112-0003/Third Party Advisory
- https://www.postgresql.org/support/security/CVE-2021-32028Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1956877Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/202211-04Third Party Advisory
- https://security.netapp.com/advisory/ntap-20211112-0003/Third Party Advisory
- https://www.postgresql.org/support/security/CVE-2021-32028Vendor Advisory
FAQ
What is CVE-2021-32028?
CVE-2021-32028 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highes...
How severe is CVE-2021-32028?
CVE-2021-32028 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32028?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.