PostgresSQL Memory Disclosure (CVE-2021-3677)
Vulnerability details
A vulnerability has been identified in PostgresSQL.
A local and authenticated attacker can exploit the vulnerability via a specially formed SQL request, to read arbitrary bytes from the server memory.
The vulnerability can be exploited even without creation privileges on the database.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
04/10/2021 |
Initial release |
Stormshield Management Center |
CVSS v3.1 Overall Score: 2 
|
Analysis
|
Impacted version
|
A local and authenticated attacker can exploit the vulnerability via a specialy formed SQL request, to read arbitrary bytes from the server memory.
The vulnerability can be exploited even without creation privileges on the database.
|
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The 3.1.0 update fixes this vulnerability.
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Local |
Low |
High |
None |
Unchanged |
Low |
None |
None |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
Medium |
High |
High |