Out-of-bounds Read

Affecting postgresql package, versions <11.5-r0

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

References

CVSS Score

2.2
low severity
  • Attack Vector
    Network
  • Attack Complexity
    High
  • Privileges Required
    High
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    Low
  • Integrity
    None
  • Availability
    None
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
CVE
CVE-2019-10209
CWE
CWE-125 CWE-200
Snyk ID
SNYK-ALPINE39-POSTGRESQL-485431
Disclosed
29 Oct, 2019
Published
08 Aug, 2019