Your submission was sent successfully! Close

CVE-2018-1052

Published: 9 February 2018

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.

Notes

AuthorNote
ratliff
only affects 10
Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
postgresql-10
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (10.2-1)
xenial Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
artful Does not exist

precise Not vulnerable
(see note)
trusty Does not exist
(trusty was not-affected [see note])
upstream Needs triage

xenial Does not exist

postgresql-9.4
Launchpad, Ubuntu, Debian
artful Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

postgresql-9.6
Launchpad, Ubuntu, Debian
artful Not vulnerable
(see note)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist