Vulnerability CVE-2021-32027: Information

Description

A flaw was found in PostgreSQL in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: June 1, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-190

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| postgresql10 | p10 | 10.17-alt1 | 10.23-alt1.p10.1 | ALT-PU-2021-1822-1 | 272004 | Fixed |
| postgresql10 | p9 | 10.17-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2021-1850-1 | 272061 | Fixed |
| postgresql10 | p8 | 10.17-alt0.M80P.1 | 10.19-alt0.M80P.1 | ALT-PU-2021-1929-1 | 272119 | Fixed |
| postgresql10 | c10f1 | 10.17-alt1 | 10.23-alt1 | ALT-PU-2021-1822-1 | 272004 | Fixed |
| postgresql10 | c9f2 | 10.17-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2021-1903-1 | 271832 | Fixed |
| postgresql11 | p10 | 11.12-alt1 | 11.22-alt0.p10.1 | ALT-PU-2021-1823-1 | 272004 | Fixed |
| postgresql11 | p9 | 11.12-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2021-1851-1 | 272061 | Fixed |
| postgresql11 | p8 | 11.12-alt0.M80P.1 | 11.14-alt0.M80P.1 | ALT-PU-2021-1930-1 | 272119 | Fixed |
| postgresql11 | c10f1 | 11.12-alt1 | 11.22-alt0.p10.1 | ALT-PU-2021-1823-1 | 272004 | Fixed |
| postgresql11 | c9f2 | 11.12-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2021-1904-1 | 271832 | Fixed |
| postgresql11-1C | p8 | 11.12-alt0.M80P.1 | 11.12-alt0.M80P.2 | ALT-PU-2021-1931-1 | 272119 | Fixed |
| postgresql12 | sisyphus | 12.7-alt1 | 12.19-alt3 | ALT-PU-2021-1826-1 | 272067 | Fixed |
| postgresql12 | p10 | 12.7-alt1 | 12.19-alt0.p10.1 | ALT-PU-2021-1826-1 | 272067 | Fixed |
| postgresql12 | p9 | 12.7-alt0.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2021-1848-1 | 272061 | Fixed |
| postgresql12 | p8 | 12.7-alt0.M80P.1 | 12.9-alt0.M80P.1 | ALT-PU-2021-1932-1 | 272119 | Fixed |
| postgresql12 | c10f1 | 12.7-alt1 | 12.19-alt0.p10.1 | ALT-PU-2021-1826-1 | 272067 | Fixed |
| postgresql12 | c9f2 | 12.7-alt0.c9.1 | 12.18-alt0.c9f2.1 | ALT-PU-2021-1905-1 | 271832 | Fixed |
| postgresql12 | p11 | 12.7-alt1 | 12.19-alt3 | ALT-PU-2021-1826-1 | 272067 | Fixed |
| postgresql12-1C | p9 | 12.6-alt1.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2021-1852-1 | 272061 | Fixed |
| postgresql12-1C | c9f2 | 12.7-alt0.M90P.3 | 12.17-alt0.c9f2.2 | ALT-PU-2021-3564-1 | 292243 | Fixed |
| postgresql13 | sisyphus | 13.3-alt1 | 13.15-alt3 | ALT-PU-2021-1820-1 | 272004 | Fixed |
| postgresql13 | p10 | 13.3-alt1 | 13.15-alt0.p10.1 | ALT-PU-2021-1820-1 | 272004 | Fixed |
| postgresql13 | c10f1 | 13.3-alt1 | 13.15-alt0.p10.1 | ALT-PU-2021-1820-1 | 272004 | Fixed |
| postgresql13 | p11 | 13.3-alt1 | 13.15-alt3 | ALT-PU-2021-1820-1 | 272004 | Fixed |
| postgresql9.6 | p9 | 9.6.22-alt0.M90P.1 | 9.6.24-alt0.M90P.1 | ALT-PU-2021-1849-1 | 272061 | Fixed |
| postgresql9.6 | p8 | 9.6.22-alt0.M80P.1 | 9.6.24-alt0.M80P.1 | ALT-PU-2021-1928-1 | 272119 | Fixed |
| postgresql9.6 | c9f2 | 9.6.22-alt0.M90P.1 | 9.6.24-alt0.M90P.1 | ALT-PU-2021-1902-1 | 271832 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 13.0
      End excluding: 13.3

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 12.0
      End excluding: 12.7

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 10.0
      End excluding: 10.17

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 11.0
      End excluding: 11.12

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including: 9.6.0
      End excluding: 9.6.22

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*