KLA11572
Multiple vulnerabilities in PostgreSQL
Updated: 05/22/2020
Detect date: 05/09/2019
Severity: Critical
Description

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A vulnerability in PostgreSQL can be exploited via reading the most common values of certain columns to bypass security restrictions;
  2. A vulnerability in PostgreSQL can be exploited via reading arbitrary data directory files to execute arbitrary code;
  3. A vulnerability in PostgreSQL can be exploited via reading arbitrary bytes of server memory to obtain sensitive information.

Affected products

PostgreSQL 11.x earlier than 11.3
PostgreSQL 10.x earlier than 10.8
PostgreSQL 9.6.x earlier than 9.6.13
PostgreSQL 9.5.x earlier than 9.5.17
PostgreSQL 9.4.x earlier than 9.4.22

Solution

Update to the latest version
Download PostgreSQL

Original advisories

PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!

Impacts
ACE
OSI
SB

Related products
PostgreSQL
CVE-IDS