SB2021092813 - IBM Connect Direct for Microsoft Windows update for PostgreSQL




Published: September 28, 2021

Security Bulletin ID SB2021092813
Severity Medium
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Memory leak (CVE-ID: CVE-2021-32029)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to a memory leak when processing an UPDATE ... RETURNING command on a purpose-crafted partitioned table. A remote authenticated user can run the affected command and read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create the prerequisite objects and complete this attack at will.
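
The following audit queries are an added example, not part of the original bulletin or of IBM's or PostgreSQL's own material. They show which non-superuser login roles can create tables in the current database, the precondition the description refers to. They assume the prerequisite objects are tables, which need CREATE on a schema or TEMPORARY on the database, and they must be run in each database of the bundled PostgreSQL instance.

```sql
-- Added example: audit who can create the prerequisite objects.
-- Run while connected to each database in turn.

-- 1) Server version, to compare against the fixed release named in the
--    vendor's bulletin (not stated on this page).
SELECT current_setting('server_version') AS server_version;

-- 2) Non-superuser login roles that can create tables here: CREATE on a
--    user schema, or TEMPORARY on the current database. Grants made to
--    PUBLIC show up as a row for every login role.
SELECT r.rolname,
       n.nspname                                         AS schema_name,
       has_schema_privilege(r.oid, n.oid, 'CREATE')      AS can_create_in_schema,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS can_create_temp
FROM pg_roles r
CROSS JOIN pg_namespace n
JOIN pg_database d ON d.datname = current_database()
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND (has_schema_privilege(r.oid, n.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY r.rolname, n.nspname;

-- 3) Existing partitioned tables and their owners, to review any that
--    were not created by the application or a known administrator.
SELECT n.nspname                  AS schema_name,
       c.relname                  AS table_name,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'p'   -- 'p' = partitioned table
ORDER BY n.nspname, c.relname;
```

An empty result from the second query means no ordinary login role can create tables in that database; rows for roles that do not need that ability are candidates for privilege review while the update is being scheduled.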


Remediation

Install the update from the vendor's website.