First published: Tue Jul 30 2019
A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052.)
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL PostgreSQL | >=11.0, <11.3 | |
CVE-2019-10129 is a vulnerability found in PostgreSQL versions 11.x prior to 11.3 that allows an attacker to read arbitrary bytes of server memory.
The severity of CVE-2019-10129 is medium, with a CVSS score of 6.5.
An attacker can exploit CVE-2019-10129 by using a purpose-crafted insert to a partitioned table, allowing them to read arbitrary bytes of server memory.
PostgreSQL versions 11.x prior to 11.3 are affected by CVE-2019-10129.
Yes, upgrading to PostgreSQL version 11.3 or later will address the vulnerability.