CVE-2021-32027 Information
Share on:
Jun 06, 2022
cve
Description
A flaw was found in postgresql in versions before 13.3 before 12.7 before 11.12 before 10.17 and before 9.6.22. While modifying certain SQL array values missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.postgresql.org/support/security/CVE-2021-32027/ https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://security.netapp.com/advisory/ntap-20210713-0004/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8