Main Vulnerability Database Vulnerabilities #VU59043

#VU59043 Memory leak in PostgreSQL - CVE-2021-3677

Published: December 16, 2021

Vulnerability identifier: #VU59043

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3677

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PostgreSQL

Software vendor:
PostgreSQL Global Development Group

Description

The vulnerability allows a remote user to perform DoS attack or gain access to sensitive information.

The vulnerability exists due memory leak during parallel sort operations. A remote user can force the application to leak memory and perform denial of service attack or read arbitrary memory parts on the system.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2001857
https://www.postgresql.org/docs/release/13.4/

#VU59043 Memory leak in PostgreSQL - CVE-2021-3677

Description

Remediation

External links

Please verify you're human