While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix covered some attacks of this description, but it missed others.

Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | postgresql | 2022-09-01 21:09 | ALAS2-2022-1843 |
Amazon Linux 2 - Core | postgresql | 2024-06-06 20:17 | ALAS2-2024-2567 |
Amazon Linux 2 - Postgresql12 Extra | postgresql | 2024-01-19 02:20 | ALAS2POSTGRESQL12-2024-007 |
Amazon Linux 2 - Postgresql13 Extra | postgresql | 2024-01-19 02:20 | ALAS2POSTGRESQL13-2024-005 |
Amazon Linux 2 - Postgresql14 Extra | postgresql | 2024-01-19 02:20 | ALAS2POSTGRESQL14-2024-004 |
Amazon Linux 2023 | postgresql15 | 2024-01-03 23:20 | ALAS2023-2024-464 |
Amazon Linux 1 | postgresql92 | 2025-01-30 04:16 | ALAS-2025-1959 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |