cve-2019-10129

Vulnerability from cvelistv5

Published

2019-07-30 16:10

Modified

2024-08-04 22:10

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202003-03	Third Party Advisory
secalert@redhat.com	https://www.postgresql.org/about/news/1939/	Vendor Advisory

Impacted products

▼	Vendor	Product
	PostgreSQL Project	postgresql

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-202003-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1939/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL Project",
          "versions": [
            {
              "status": "affected",
              "version": "11.x prior to 11.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-04T18:00:58",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-202003-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.postgresql.org/about/news/1939/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "11.x prior to 11.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-202003-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-03"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
            },
            {
              "name": "https://www.postgresql.org/about/news/1939/",
              "refsource": "MISC",
              "url": "https://www.postgresql.org/about/news/1939/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10129",
    "datePublished": "2019-07-30T16:10:04",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:09.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10129\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-07-30T17:15:12.263\",\"lastModified\":\"2023-02-03T14:26:40.660\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad en postgresql versiones 11.x anteriores a 11.3. Usando una inserci\u00f3n especialmente dise\u00f1ada espec\u00edficamente para una tabla particionada, un atacante puede leer bytes arbitrarios desde la memoria del servidor. En la configuraci\u00f3n por defecto, cualquier usuario puede crear una tabla particionada adecuada para este ataque. (Los requisitos previos de est\u00e1 explotaci\u00f3n son los mismos que para el CVE-2018-1052).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"588922E6-6F1E-4219-ADB3-F9E8696E03F8\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.postgresql.org/about/news/1939/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). postgresql Contains an information disclosure vulnerability.Information may be obtained. PostgreSQL is a set of free object relational database management system organized by PostgreSQL. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, and more. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-03

                                       https://security.gentoo.org/

Severity: Normal Title: PostgreSQL: Multiple vulnerabilities Date: March 12, 2020 Bugs: #685846, #688420, #709708 ID: 202003-03

Synopsis

Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in the execution of arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-db/postgresql < 9.4.26:9.4 >= 9.4.26:9.4 < 9.5.21:9.5 >= 9.5.21:9.5 < 9.6.17:9.6 >= 9.6.17:9.6 < 10.12:10 >= 10.12:10 < 11.7:11 >= 11.7:11 < 12.2:12 >= 12.2:12

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 9.4.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.26:9.4"

All PostgreSQL 9.5.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.21:9.5"

All PostgreSQL 9.6.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.17:9.6"

All PostgreSQL 10.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.12:10"

All PostgreSQL 11.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.7:11"

All PostgreSQL 12.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.2:12"

References

[ 1 ] CVE-2019-10129 https://nvd.nist.gov/vuln/detail/CVE-2019-10129 [ 2 ] CVE-2019-10130 https://nvd.nist.gov/vuln/detail/CVE-2019-10130 [ 3 ] CVE-2019-10164 https://nvd.nist.gov/vuln/detail/CVE-2019-10164 [ 4 ] CVE-2020-1720 https://nvd.nist.gov/vuln/detail/CVE-2020-1720

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-03

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3972-1 May 13, 2019

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PostgreSQL. This issue only affected Ubuntu 19.04. (CVE-2019-10129)

Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: postgresql-11 11.3-0ubuntu0.19.04.1

Ubuntu 18.10: postgresql-10 10.8-0ubuntu0.18.10.1

Ubuntu 18.04 LTS: postgresql-10 10.8-0ubuntu0.18.04.1

Ubuntu 16.04 LTS: postgresql-9.5 9.5.17-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References: https://usn.ubuntu.com/usn/usn-3972-1 CVE-2019-10129, CVE-2019-10130

Package Information: https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1 https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1315",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "postgresql",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "postgresql",
        "version": "11.0"
      },
      {
        "model": "postgresql",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "postgresql",
        "version": "11.3"
      },
      {
        "model": "postgresql",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "postgresql",
        "version": "11.x"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "postgresql",
        "version": "11.3"
      },
      {
        "model": "postgresql",
        "scope": null,
        "trust": 0.6,
        "vendor": "postgresql",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "19.04"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.2"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.1"
      },
      {
        "model": "postgresql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11"
      },
      {
        "model": "postgresql",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "postgresql",
        "version": "11.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Noah Misch and the PostgreSQL Project.,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10129",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10129",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-16482",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10129",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10129",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-10129",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-16482",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-333",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-10129",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). postgresql Contains an information disclosure vulnerability.Information may be obtained. PostgreSQL is a set of free object relational database management system organized by PostgreSQL. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, and more. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: PostgreSQL: Multiple vulnerabilities\n     Date: March 12, 2020\n     Bugs: #685846, #688420, #709708\n       ID: 202003-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PostgreSQL, the worst of\nwhich could result in the execution of arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-db/postgresql          \u003c 9.4.26:9.4            \u003e= 9.4.26:9.4\n                                \u003c 9.5.21:9.5            \u003e= 9.5.21:9.5\n                                \u003c 9.6.17:9.6            \u003e= 9.6.17:9.6\n                                 \u003c 10.12:10               \u003e= 10.12:10\n                                 \u003c 11.7:11                 \u003e= 11.7:11\n                                 \u003c 12.2:12                 \u003e= 12.2:12\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, bypass certain client-side connection\nsecurity features, read arbitrary server memory, alter certain data or\ncause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PostgreSQL 9.4.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.4.26:9.4\"\n\nAll PostgreSQL 9.5.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.5.21:9.5\"\n\nAll PostgreSQL 9.6.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-9.6.17:9.6\"\n\nAll PostgreSQL 10.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-10.12:10\"\n\nAll PostgreSQL 11.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-11.7:11\"\n\nAll PostgreSQL 12.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-db/postgresql-12.2:12\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-10129\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10129\n[ 2 ] CVE-2019-10130\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10130\n[ 3 ] CVE-2019-10164\n      https://nvd.nist.gov/vuln/detail/CVE-2019-10164\n[ 4 ] CVE-2020-1720\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3972-1\nMay 13, 2019\n\npostgresql-10, postgresql-11, postgresql-9.5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PostgreSQL. This issue only affected Ubuntu 19.04. (CVE-2019-10129)\n\nDean Rasheed discovered that PostgreSQL incorrectly handled selectivity\nestimators. A remote attacker could possibly use this issue to bypass row\nsecurity policies. (CVE-2019-10130)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  postgresql-11                   11.3-0ubuntu0.19.04.1\n\nUbuntu 18.10:\n  postgresql-10                   10.8-0ubuntu0.18.10.1\n\nUbuntu 18.04 LTS:\n  postgresql-10                   10.8-0ubuntu0.18.04.1\n\nUbuntu 16.04 LTS:\n  postgresql-9.5                  9.5.17-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart PostgreSQL to\nmake all the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3972-1\n  CVE-2019-10129, CVE-2019-10130\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1\n  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1\n  https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1\n  https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10129",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "108506",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "156711",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152824",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1681",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1668",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "id": "VAR-201907-1315",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:30:15.514000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.8,
        "url": "https://www.postgresql.org/about/news/1939/"
      },
      {
        "title": "Patch for PostgreSQL Memory Leak Vulnerability (CNVD-2019-16482)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/162925"
      },
      {
        "title": "PostgreSQL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92497"
      },
      {
        "title": "Ubuntu Security Notice: postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3972-1"
      },
      {
        "title": "PostgreSQL CVE: CVE-2019-10129",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_cve\u0026qid=43abd0671e28c0d36ed09da2aa374848"
      },
      {
        "title": "PostgreSQL Security Announcements: PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_security_announcements\u0026qid=c32b14b98b9f434476d955dd6620c592"
      },
      {
        "title": "PostgreSQL Security Announcements: PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17, and 9.4.22 Released!",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=postgresql_security_announcements\u0026qid=277a6808e8230bde486f1f85b16bfac2"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-10129 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.postgresql.org/about/news/1939/"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202003-03"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10129"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10129"
      },
      {
        "trust": 0.9,
        "url": "https://www.postgresql.org/docs/11/release-11-3.html"
      },
      {
        "trust": 0.9,
        "url": "https://usn.ubuntu.com/3972-1"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10129"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/3972-1/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80718"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/108506"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80770"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152824/ubuntu-security-notice-usn-3972-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156711/gentoo-linux-security-advisory-202003-03.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10130"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.postgresql.org/support/security/cve-2019-10129/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1720"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10164"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3972-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "db": "BID",
        "id": "108506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "date": "2019-07-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "BID",
        "id": "108506"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "date": "2020-03-13T14:56:18",
        "db": "PACKETSTORM",
        "id": "156711"
      },
      {
        "date": "2019-05-13T15:14:37",
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "date": "2019-07-30T17:15:12.263000",
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16482"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2019-05-09T00:00:00",
        "db": "BID",
        "id": "108506"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      },
      {
        "date": "2023-02-03T14:26:40.660000",
        "db": "NVD",
        "id": "CVE-2019-10129"
      },
      {
        "date": "2020-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "postgresql Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007133"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-333"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-10129

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-10129

Aliases

CVE-2019-10129

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10129",
    "description": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).",
    "id": "GSD-2019-10129",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-10129.html",
      "https://ubuntu.com/security/CVE-2019-10129",
      "https://advisories.mageia.org/CVE-2019-10129.html",
      "https://linux.oracle.com/cve/CVE-2019-10129.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10129"
      ],
      "details": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).",
      "id": "GSD-2019-10129",
      "modified": "2023-12-13T01:23:59.643657Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2019-10129",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "postgresql",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "11.x prior to 11.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "PostgreSQL Project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
          }
        ]
      },
      "impact": {
        "cvss": [
          [
            {
              "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.0"
            }
          ]
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-202003-03",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-03"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
          },
          {
            "name": "https://www.postgresql.org/about/news/1939/",
            "refsource": "MISC",
            "url": "https://www.postgresql.org/about/news/1939/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10129"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
            },
            {
              "name": "https://www.postgresql.org/about/news/1939/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.postgresql.org/about/news/1939/"
            },
            {
              "name": "GLSA-202003-03",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-03T14:26Z",
      "publishedDate": "2019-07-30T17:15Z"
    }
  }
}

ghsa-8f7w-x9j5-q7c8

Vulnerability from github

Published

2022-05-24 16:51

Modified

2023-02-03 15:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-30T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).",
  "id": "GHSA-8f7w-x9j5-q7c8",
  "modified": "2023-02-03T15:31:17Z",
  "published": "2022-05-24T16:51:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-03"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/about/news/1939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2019-10129

Vulnerability from cvelistv5

var-201907-1315

Vulnerability from variot

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities

gsd-2019-10129

Vulnerability from gsd

ghsa-8f7w-x9j5-q7c8

Vulnerability from github

Tags

Sightings

Nomenclature