Vulnerability CVE-2019-10129: Information

Description

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-10129

Published: July 30, 2019

Modified: Feb. 3, 2023

Error type identifier: CWE-125

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
postgresql11	p10	11.3-alt1	11.22-alt0.p10.3	ALT-PU-2019-1785-1	229118	Fixed
postgresql11	p9	11.3-alt1	11.22-alt0.M90P.1	ALT-PU-2019-1785-1	229118	Fixed
postgresql11	p8	11.3-alt0.M80P.1	11.14-alt0.M80P.1	ALT-PU-2019-1822-1	229145	Fixed
postgresql11	c10f1	11.3-alt1	11.22-alt0.p10.1	ALT-PU-2019-1785-1	229118	Fixed
postgresql11	c9f2	11.3-alt1	11.22-alt0.M90P.1	ALT-PU-2019-1785-1	229118	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129	Issue Tracking Third Party Advisory
https://www.postgresql.org/about/news/1939/	Vendor Advisory
GLSA-202003-03	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  11.0
  End excliding
  11.3

Version: v24.5.3

Vulnerability CVE-2019-10129: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1