CVE-2021-32029

State: PUBLISHED · Published: 2021-10-08 · Updated: 2024-08-03 · Assigner: redhat

Description

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CWE

CWE-200 — CWE-200

Affected

n/a / postgresql — v=postgresql 13.3, postgresql 12.7, postgresql 11.12 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956883 x_refsource_MISC
https://www.postgresql.org/support/security/CVE-2021-32029/ x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211112-0003/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2021/32xxx/CVE-2021-32029.json