CVE-2021-32027
Public on 2021-06-01
Modified on 2024-05-08
Description
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | postgresql | Pending Fix | ||
| Amazon Linux 2 - Postgresql10 Extra | postgresql | No Fix Planned | ||
| Amazon Linux 2 - Postgresql9.6 Extra | postgresql | No Fix Planned | ||
| Amazon Linux 2 - Postgresql11 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL11-2023-003 | Fixed |
| Amazon Linux 2 - Postgresql12 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL12-2023-004 | Fixed |
| Amazon Linux 2 - Postgresql13 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL13-2023-003 | Fixed |
| Amazon Linux 2023 | postgresql15 | Not Affected | ||
| Amazon Linux 1 | postgresql96 | 2021-07-08 | ALAS-2021-1520 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |