Vulnerability Description
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | >= 11.0, < 11.12 |
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956883Issue TrackingPatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20211112-0003/Third Party Advisory
- https://www.postgresql.org/support/security/CVE-2021-32029/Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1956883Issue TrackingPatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20211112-0003/Third Party Advisory
- https://www.postgresql.org/support/security/CVE-2021-32029/Vendor Advisory
FAQ
What is CVE-2021-32029?
CVE-2021-32029 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from th...
How severe is CVE-2021-32029?
CVE-2021-32029 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32029?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Jboss Enterprise Application Platform.