CVE-2019-10164

Published: 20 June 2019

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
postgresql-10
bionic Released (10.9-0ubuntu0.18.04.1)
cosmic Released (10.9-0ubuntu0.18.10.1)
disco Does not exist
precise Does not exist
trusty Does not exist
upstream Released (10.9)
xenial Does not exist

postgresql-11
bionic Does not exist
cosmic Does not exist
disco Released (11.4-0ubuntu0.19.04.1)
precise Does not exist
trusty Does not exist
upstream Released (11.4)
xenial Does not exist

postgresql-9.1
bionic Does not exist
cosmic Does not exist
disco Does not exist
precise Not vulnerable
trusty Does not exist
upstream Not vulnerable
xenial Does not exist

postgresql-9.3
bionic Does not exist
cosmic Does not exist
disco Does not exist
precise Does not exist
trusty Not vulnerable
upstream Not vulnerable
xenial Does not exist

postgresql-9.5
bionic Does not exist
cosmic Does not exist
disco Does not exist
precise Does not exist
trusty Does not exist
upstream Not vulnerable
xenial Not vulnerable