Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027)
Andres Freund discovered that PostgreSQL incorrect handled certain INSERT ... ON CONFLICT ... DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. (CVE-2021-32028)
Tom Lane discovered that PostgreSQL incorrect handled certain UPDATE ... RETURNING commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32029)
{ "binaries": [ { "binary_name": "libecpg-compat3", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "libecpg-dev", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "libecpg6", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "libpgtypes3", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "libpq-dev", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "libpq5", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-client-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-doc-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-plperl-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-plpython-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-plpython3-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-pltcl-10", "binary_version": "10.17-0ubuntu0.18.04.1" }, { "binary_name": "postgresql-server-dev-10", "binary_version": "10.17-0ubuntu0.18.04.1" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "id": "CVE-2021-32027", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ] }, { "id": "CVE-2021-32028", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ] } ] }
{ "binaries": [ { "binary_name": "libecpg-compat3", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "libecpg-dev", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "libecpg6", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "libpgtypes3", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "libpq-dev", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "libpq5", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-client-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-doc-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-plperl-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-plpython3-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-pltcl-12", "binary_version": "12.7-0ubuntu0.20.04.1" }, { "binary_name": "postgresql-server-dev-12", "binary_version": "12.7-0ubuntu0.20.04.1" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:20.04:LTS", "cves": [ { "id": "CVE-2021-32027", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ] }, { "id": "CVE-2021-32028", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ] }, { "id": "CVE-2021-32029", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ] } ] }