CVE-2021-32028 - log back

CVE-2021-32028 edited at 13 May 2021 15:24:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in PostgreSQL before version 13.3. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
References
+ https://www.postgresql.org/support/security/CVE-2021-32028/
+ https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f
CVE-2021-32028 created at 13 May 2021 15:20:50