QwikSec

Security Database

CVE

CWE

Training

CVE-2021-32028

Published: Oct 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Vendor	Product	Versions
n/a	postgresql	affected `postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1956877

https://www.postgresql.org/support/security/CVE-2021-32028

https://security.netapp.com/advisory/ntap-20211112-0003/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.