CVE-2019-10164: Buffer Overflow
First published: Wed Jun 12 2019(Updated: )
Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libpq | <0:12.1-3.el8 | 0:12.1-3.el8 |
| redhat/rh-postgresql10-postgresql | <0:10.12-2.el7 | 0:10.12-2.el7 |
| redhat/PostgreSQL | <10.9 | 10.9 |
| redhat/PostgreSQL | <11.4 | 11.4 |
| PostgreSQL PostgreSQL | >=10.0<10.9 | |
| PostgreSQL PostgreSQL | >=11.0<11.4 | |
| Redhat Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/
- https://security.gentoo.org/glsa/202003-03
- https://www.postgresql.org/about/news/1949/
- https://www.postgresql.org/support/security/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1723414
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1723412
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1723413
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=90adc16ea13750a6b6f704c6cf65dc0f1bdb845c
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d72a7e4da1001b29a661a4b1a52cb5c4d708bab0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1719698#c8
- https://access.redhat.com/errata/RHSA-2020:0980
- https://access.redhat.com/security/cve/cve-2019-10164
- https://access.redhat.com/errata/RHSA-2020:3669
- https://access.redhat.com/errata/RHSA-2020:5664
- https://access.redhat.com/errata/RHSA-2021:0166
- https://bugzilla.redhat.com/show_bug.cgi?id=1719698
- https://www.cve.org/CVERecord?id=CVE-2019-10164 https://nvd.nist.gov/vuln/detail/CVE-2019-10164 https://www.postgresql.org/support/security/
- https://access.redhat.com/errata/RHEA-2020:0343
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID of this PostgreSQL vulnerability?
The vulnerability ID of this PostgreSQL vulnerability is CVE-2019-10164.
What versions of PostgreSQL are affected by this vulnerability?
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are affected by this vulnerability.
How does this vulnerability occur?
This vulnerability occurs due to a stack-based buffer overflow.
What can an authenticated user do with this vulnerability?
An authenticated user can overflow a stack-based buffer by changing their own password to a purpose-crafted value, which can often suffice to execute arbitrary code as the PostgreSQL process.
What is the severity of this vulnerability?
The severity of this vulnerability is critical with a CVSS score of 8.8.
- collector/redhat-cve
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-10164
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/10.0
- version/postgresql postgresql/11.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1