Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-32029 - log back

CVE-2021-32029 edited at 13 May 2021 15:25:41

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+

A security issue was found in PostgreSQL before version 13.3. Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.

References

+	https://www.postgresql.org/support/security/CVE-2021-32029/
+	https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3

CVE-2021-32029 created at 13 May 2021 15:20:50