CVE-2019-10129
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).
Se detectó una vulnerabilidad en postgresql versiones 11.x anteriores a 11.3. Usando una inserción especialmente diseñada específicamente para una tabla particionada, un atacante puede leer bytes arbitrarios desde la memoria del servidor. En la configuración por defecto, cualquier usuario puede crear una tabla particionada adecuada para este ataque. (Los requisitos previos de está explotación son los mismos que para el CVE-2018-1052).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-27 CVE Reserved
- 2019-05-13 CVE Published
- 2024-07-23 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202003-03 | 2023-02-03 | |
| https://www.postgresql.org/about/news/1939 | 2023-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 11.0 < 11.3 Search vendor "Postgresql" for product "Postgresql" and version " >= 11.0 < 11.3" | - |
Affected
| ||||||