Vulnerability identifier: #VU53232
Vulnerability risk: Medium
Exploitation vector: Network
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due memory leak within the
INSERT ... ON CONFLICT ... DO UPDATE command implementation. A remote authenticated database user can execute the affected command to read arbitrary bytes of server memory. In the default
configuration, any authenticated database user can create prerequisite objects
and complete this attack at will.
Install updates from vendor's website.
Vulnerable software versions
PostgreSQL: 13.0 - 13.2, 12 - 12.6, 11.0 - 11.11, 10.0 - 10.16, 9.6.0 - 9.6.21
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?