CVE-2019-10129

Published: 9 May 2019

A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052.)

Notes

Author: mdeslaur
Note: postgresql-11 only

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
postgresql-10
bionic Not vulnerable

cosmic Not vulnerable

disco Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

postgresql-11
bionic Does not exist

cosmic Does not exist

disco Released (11.3-0ubuntu0.19.04.1)

precise Does not exist

trusty Does not exist

upstream Released (11.3)

xenial Does not exist

postgresql-9.1
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Not vulnerable

trusty Does not exist

upstream Needs triage

xenial Does not exist

postgresql-9.3
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist

trusty Not vulnerable

upstream Needs triage

xenial Does not exist

postgresql-9.5
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable