Buffer overrun from integer overflow in array modification
While modifying certain SQL array values, missing overflow checks let
authenticated database users write arbitrary bytes to a memory area that
facilitates arbitrary code execution. Missing overflow checks also let
authenticated database users read a wide area of server memory. The
CVE-2021-32027 fix covered some attacks of this description, but it
missed others.
The PostgreSQL project thanks Pedro Gallegos for reporting this problem.
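The class of defect described above, shown on a simplified model as an added example; this is not PostgreSQL source code. The `ArrDims` struct, both functions and the `MAX_ELEMS` cap are hypothetical, and `__builtin_add_overflow` / `__builtin_sub_overflow` are GCC/Clang builtins.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical, simplified 1-D array header: SQL arrays carry a lower bound
 * and an element count, and assigning past either end grows the array. */
typedef struct { int32_t lb; int32_t dim; } ArrDims;

#define MAX_ELEMS (INT32_MAX / 8)   /* assumed cap for 8-byte elements */

/* Unchecked sizing: the arithmetic wraps (done in uint32_t so the wrap is
 * well defined here; with plain int it would be undefined behaviour). */
int32_t grow_unchecked(ArrDims a, int32_t idx)
{
    uint32_t ub = (uint32_t) a.lb + (uint32_t) a.dim - 1u;
    uint32_t newlb = idx < a.lb ? (uint32_t) idx : (uint32_t) a.lb;
    uint32_t newub = idx > (int32_t) ub ? (uint32_t) idx : ub;
    return (int32_t) (newub - newlb + 1u);
}

/* Checked sizing: any step that leaves int32 range rejects the request. */
bool grow_checked(ArrDims a, int32_t idx, ArrDims *out)
{
    int32_t ub, span, newdim;

    if (a.dim <= 0)
        return false;                   /* model covers non-empty arrays */
    if (__builtin_add_overflow(a.lb, a.dim - 1, &ub))
        return false;                   /* existing bounds already invalid */
    int32_t newlb = idx < a.lb ? idx : a.lb;
    int32_t newub = idx > ub ? idx : ub;
    if (__builtin_sub_overflow(newub, newlb, &span) ||
        __builtin_add_overflow(span, 1, &newdim) ||
        newdim > MAX_ELEMS)
        return false;                   /* element count would wrap or is too large */
    out->lb = newlb;
    out->dim = newdim;
    return true;
}

int main(void)
{
    ArrDims out, edge = { INT32_MIN, 1 };   /* constructed edge case */
    /* The unchecked count wraps to 0; the checked version refuses. */
    return (grow_unchecked(edge, INT32_MAX) == 0 &&
            !grow_checked(edge, INT32_MAX, &out)) ? 0 : 1;
}
```

A wrapped element count that looks small is what turns a later write at the requested subscript into a buffer overrun, which is why the check belongs before any allocation.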
Version Information
For more information about PostgreSQL versioning,
please visit the versioning page.
CVSS 3.0
Reporting Security Vulnerabilities
If you wish to report a new security vulnerability in PostgreSQL, please
send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.
