Main Vulnerability Database Vulnerabilities #VU18861

Stack-based buffer overflow in PostgreSQL - CVE-2019-10164

Published: June 20, 2019

Vulnerability identifier: #VU18861

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10164

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: PostgreSQL Global Development Group

Affected software:
PostgreSQL

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing users passwords. A remote authenticated user can change his/her password to a specially crafted string, trigger stack-based buffer overflow and execute arbitrary code on the target system or crash the PostgreSQL process.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-10164

Install updates from vendor's website.

Sources

https://www.postgresql.org/about/news/1949/

Stack-based buffer overflow in PostgreSQL - CVE-2019-10164

Detailed vulnerability description

How to mitigate CVE-2019-10164

Sources

Please verify you're human