CVE-2021-32028
Summary
| CVE | CVE-2021-32028 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-11 17:15:00 UTC |
| Updated | 2023-01-31 17:29:00 UTC |
| Description | A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Postgresql | Postgresql | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1956877 – (CVE-2021-32028) CVE-2021-32028 postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE | MISC | bugzilla.redhat.com | |
| PostgreSQL: Multiple Vulnerabilities (GLSA 202211-04) — Gentoo security | GENTOO | security.gentoo.org | |
| PostgreSQL: CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE | MISC | www.postgresql.org | |
| October 2021 PostgreSQL Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159265 Oracle Enterprise Linux Security Update for postgresql:9.6 (ELSA-2021-2360)
- 159266 Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2021-2361)
- 159268 Oracle Enterprise Linux Security Update for postgresql:12 (ELSA-2021-2372)
- 159269 Oracle Enterprise Linux Security Update for postgresql:13 (ELSA-2021-2375)
- 159369 Oracle Enterprise Linux Security Update for rh-postgresql10-postgresql (ELSA-2021-9428)
- 178598 Debian Security Update for postgresql-9.6 (DLA 2662-1)
- 178617 Debian Security Update for postgresql-11 (DSA 4915-1)
- 180141 Debian Security Update for postgresql-13 (CVE-2021-32028)
- 198391 Ubuntu Security Notification for PostgreSQL vulnerabilities (USN-4972-1)
- 239382 Red Hat Update for postgresql:13 (RHSA-2021:2375)
- 239383 Red Hat Update for postgresql:12 (RHSA-2021:2372)
- 239389 Red Hat Update for postgresql:10 (RHSA-2021:2361)
- 239390 Red Hat Update for postgresql:9.6 (RHSA-2021:2360)
- 239435 Red Hat Update for rh-postgresql13-postgresql (RHSA-2021:2396)
- 239436 Red Hat Update for rh-postgresql10-postgresql (RHSA-2021:2395)
- 239437 Red Hat Update for rh-postgresql12-postgresql (RHSA-2021:2394)
- 239438 Red Hat Update for postgresql:9.6 (RHSA-2021:2393)
- 239439 Red Hat Update for postgresql:10 (RHSA-2021:2392)
- 239440 Red Hat Update for postgresql:9.6 (RHSA-2021:2391)
- 239441 Red Hat Update for postgresql:10 (RHSA-2021:2390)
- 239442 Red Hat Update for postgresql:12 (RHSA-2021:2389)
- 356175 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL12-2023-004
- 356201 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL11-2023-003
- 356295 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL13-2023-003
- 377098 Alibaba Cloud Linux Security Update for postgresql:13 (ALINUX3-SA-2021:0043)
- 500542 Alpine Linux Security Update for postgresql
- 501470 Alpine Linux Security Update for postgresql
- 501993 Alpine Linux Security Update for postgresql13
- 502010 Alpine Linux Security Update for postgresql14
- 502776 Alpine Linux Security Update for postgresql15
- 504309 Alpine Linux Security Update for postgresql14
- 505668 Alpine Linux Security Update for postgresql15
- 671156 EulerOS Security Update for postgresql (EulerOS-SA-2021-2811)
- 690135 Free Berkeley Software Distribution (FreeBSD) Security Update for postgresql server (62da9702-b4cc-11eb-b9c9-6cc21735f730)
- 710683 Gentoo Linux PostgreSQL Multiple Vulnerabilities (GLSA 202211-04)
- 750047 SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:1782-1)
- 750050 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1784-1)
- 750052 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1785-1)
- 750053 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2021:1783-1)
- 750068 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1785-1)
- 750162 SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:1970-1)
- 750638 OpenSUSE Security Update for postgresql10 (openSUSE-SU-2021:0894-1)
- 750657 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2021:1994-1)
- 750776 OpenSUSE Security Update for postgresql13 (openSUSE-SU-2021:1785-1)
- 750808 OpenSUSE Security Update for postgresql10 (openSUSE-SU-2021:1970-1)
- 750816 OpenSUSE Security Update for postgresql12 (openSUSE-SU-2021:1994-1)
- 750982 SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:2777-1)
- 751264 SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:3481-1)
- 752529 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2022:2958-1)
- 940196 AlmaLinux Security Update for postgresql:9.6 (ALSA-2021:2360)
- 940218 AlmaLinux Security Update for postgresql:13 (ALSA-2021:2375)
- 940343 AlmaLinux Security Update for postgresql:10 (ALSA-2021:2361)
- 940413 AlmaLinux Security Update for postgresql:12 (ALSA-2021:2372)
- 960053 Rocky Linux Security Update for postgresql:9.6 (RLSA-2021:2360)
- 960091 Rocky Linux Security Update for postgresql:13 (RLSA-2021:2375)
- 960093 Rocky Linux Security Update for postgresql:12 (RLSA-2021:2372)
- 960101 Rocky Linux Security Update for postgresql:10 (RLSA-2021:2361)