{"api_version":"1","generated_at":"2026-04-22T23:31:17+00:00","cve":"CVE-2021-32027","urls":{"html":"https://cve.report/CVE-2021-32027","api":"https://cve.report/api/cve/CVE-2021-32027.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32027","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32027"},"summary":{"title":"CVE-2021-32027","description":"A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-06-01 14:15:00","updated_at":"2023-11-07 03:35:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20210713-0004/","name":"https://security.netapp.com/advisory/ntap-20210713-0004/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-32027 PostgreSQL Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.postgresql.org/support/security/CVE-2021-32027/","name":"https://www.postgresql.org/support/security/CVE-2021-32027/","refsource":"MISC","tags":[],"title":"PostgreSQL: CVE-2021-32027: Buffer overrun from integer overflow in array subscripting calculations","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956876","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1956876","refsource":"MISC","tags":[],"title":"1956876 – (CVE-2021-32027) CVE-2021-32027 postgresql: Buffer overrun from integer overflow in array subscripting calculations","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202211-04","name":"GLSA-202211-04","refsource":"GENTOO","tags":[],"title":"PostgreSQL: Multiple Vulnerabilities (GLSA 202211-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32027","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32027","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postgresql","cpe5":"postgresql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"software_collections","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-32027","qid":"159265","title":"Oracle Enterprise Linux Security Update for postgresql:9.6 (ELSA-2021-2360)"},{"cve":"CVE-2021-32027","qid":"159266","title":"Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2021-2361)"},{"cve":"CVE-2021-32027","qid":"159268","title":"Oracle Enterprise Linux Security Update for postgresql:12 (ELSA-2021-2372)"},{"cve":"CVE-2021-32027","qid":"159269","title":"Oracle Enterprise Linux Security Update for postgresql:13 (ELSA-2021-2375)"},{"cve":"CVE-2021-32027","qid":"159275","title":"Oracle Enterprise Linux Security Update for postgresql (ELSA-2021-2397)"},{"cve":"CVE-2021-32027","qid":"159369","title":"Oracle Enterprise Linux Security Update for rh-postgresql10-postgresql (ELSA-2021-9428)"},{"cve":"CVE-2021-32027","qid":"178598","title":"Debian Security Update for postgresql-9.6 (DLA 2662-1)"},{"cve":"CVE-2021-32027","qid":"178617","title":"Debian Security Update for postgresql-11 (DSA 4915-1)"},{"cve":"CVE-2021-32027","qid":"180473","title":"Debian Security Update for postgresql-13 (CVE-2021-32027)"},{"cve":"CVE-2021-32027","qid":"198391","title":"Ubuntu Security Notification for PostgreSQL vulnerabilities (USN-4972-1)"},{"cve":"CVE-2021-32027","qid":"239382","title":"Red Hat Update for postgresql:13 (RHSA-2021:2375)"},{"cve":"CVE-2021-32027","qid":"239383","title":"Red Hat Update for postgresql:12 (RHSA-2021:2372)"},{"cve":"CVE-2021-32027","qid":"239389","title":"Red Hat Update for postgresql:10 (RHSA-2021:2361)"},{"cve":"CVE-2021-32027","qid":"239390","title":"Red Hat Update for postgresql:9.6 (RHSA-2021:2360)"},{"cve":"CVE-2021-32027","qid":"239434","title":"Red Hat Update for postgresql (RHSA-2021:2397)"},{"cve":"CVE-2021-32027","qid":"239435","title":"Red Hat Update for rh-postgresql13-postgresql (RHSA-2021:2396)"},{"cve":"CVE-2021-32027","qid":"239436","title":"Red Hat Update for rh-postgresql10-postgresql (RHSA-2021:2395)"},{"cve":"CVE-2021-32027","qid":"239437","title":"Red Hat Update for rh-postgresql12-postgresql (RHSA-2021:2394)"},{"cve":"CVE-2021-32027","qid":"239438","title":"Red Hat Update for postgresql:9.6 (RHSA-2021:2393)"},{"cve":"CVE-2021-32027","qid":"239439","title":"Red Hat Update for postgresql:10 (RHSA-2021:2392)"},{"cve":"CVE-2021-32027","qid":"239440","title":"Red Hat Update for postgresql:9.6 (RHSA-2021:2391)"},{"cve":"CVE-2021-32027","qid":"239441","title":"Red Hat Update for postgresql:10 (RHSA-2021:2390)"},{"cve":"CVE-2021-32027","qid":"239442","title":"Red Hat Update for postgresql:12 (RHSA-2021:2389)"},{"cve":"CVE-2021-32027","qid":"352471","title":"Amazon Linux Security Advisory for postgresql96: ALAS-2021-1520"},{"cve":"CVE-2021-32027","qid":"356175","title":"Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL12-2023-004"},{"cve":"CVE-2021-32027","qid":"356201","title":"Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL11-2023-003"},{"cve":"CVE-2021-32027","qid":"356295","title":"Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL13-2023-003"},{"cve":"CVE-2021-32027","qid":"376880","title":"Alibaba Cloud Linux Security Update for postgresql (ALINUX2-SA-2021:0041)"},{"cve":"CVE-2021-32027","qid":"377098","title":"Alibaba Cloud Linux Security Update for postgresql:13 (ALINUX3-SA-2021:0043)"},{"cve":"CVE-2021-32027","qid":"500542","title":"Alpine Linux Security Update for postgresql"},{"cve":"CVE-2021-32027","qid":"501470","title":"Alpine Linux Security Update for postgresql"},{"cve":"CVE-2021-32027","qid":"501993","title":"Alpine Linux Security Update for postgresql13"},{"cve":"CVE-2021-32027","qid":"502010","title":"Alpine Linux Security Update for postgresql14"},{"cve":"CVE-2021-32027","qid":"502776","title":"Alpine Linux Security Update for postgresql15"},{"cve":"CVE-2021-32027","qid":"504309","title":"Alpine Linux Security Update for postgresql14"},{"cve":"CVE-2021-32027","qid":"505668","title":"Alpine Linux Security Update for postgresql15"},{"cve":"CVE-2021-32027","qid":"670554","title":"EulerOS Security Update for postgresql (EulerOS-SA-2021-2312)"},{"cve":"CVE-2021-32027","qid":"670586","title":"EulerOS Security Update for postgresql (EulerOS-SA-2021-2344)"},{"cve":"CVE-2021-32027","qid":"670667","title":"EulerOS Security Update for postgresql (EulerOS-SA-2021-2426)"},{"cve":"CVE-2021-32027","qid":"670970","title":"EulerOS Security Update for postgresql (EulerOS-SA-2021-2607)"},{"cve":"CVE-2021-32027","qid":"710683","title":"Gentoo Linux PostgreSQL Multiple Vulnerabilities (GLSA 202211-04)"},{"cve":"CVE-2021-32027","qid":"730155","title":"McAfee Web Gateway Multiple Vulnerabilities(WP-3580, WP-3656, WP-3815, WP-3878, WP-3882, WP-3934,WP-3935, WP-3936, WP-3999)"},{"cve":"CVE-2021-32027","qid":"750047","title":"SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:1782-1)"},{"cve":"CVE-2021-32027","qid":"750050","title":"SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1784-1)"},{"cve":"CVE-2021-32027","qid":"750052","title":"SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1785-1)"},{"cve":"CVE-2021-32027","qid":"750053","title":"SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2021:1783-1)"},{"cve":"CVE-2021-32027","qid":"750068","title":"SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2021:1785-1)"},{"cve":"CVE-2021-32027","qid":"750162","title":"SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:1970-1)"},{"cve":"CVE-2021-32027","qid":"750638","title":"OpenSUSE Security Update for postgresql10 (openSUSE-SU-2021:0894-1)"},{"cve":"CVE-2021-32027","qid":"750657","title":"SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2021:1994-1)"},{"cve":"CVE-2021-32027","qid":"750776","title":"OpenSUSE Security Update for postgresql13 (openSUSE-SU-2021:1785-1)"},{"cve":"CVE-2021-32027","qid":"750808","title":"OpenSUSE Security Update for postgresql10 (openSUSE-SU-2021:1970-1)"},{"cve":"CVE-2021-32027","qid":"750816","title":"OpenSUSE Security Update for postgresql12 (openSUSE-SU-2021:1994-1)"},{"cve":"CVE-2021-32027","qid":"750982","title":"SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:2777-1)"},{"cve":"CVE-2021-32027","qid":"751264","title":"SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2021:3481-1)"},{"cve":"CVE-2021-32027","qid":"752529","title":"SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2022:2958-1)"},{"cve":"CVE-2021-32027","qid":"900045","title":"CBL-Mariner Linux Security Update for postgresql 12.6"},{"cve":"CVE-2021-32027","qid":"902889","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (4338)"},{"cve":"CVE-2021-32027","qid":"940196","title":"AlmaLinux Security Update for postgresql:9.6 (ALSA-2021:2360)"},{"cve":"CVE-2021-32027","qid":"940218","title":"AlmaLinux Security Update for postgresql:13 (ALSA-2021:2375)"},{"cve":"CVE-2021-32027","qid":"940343","title":"AlmaLinux Security Update for postgresql:10 (ALSA-2021:2361)"},{"cve":"CVE-2021-32027","qid":"940413","title":"AlmaLinux Security Update for postgresql:12 (ALSA-2021:2372)"},{"cve":"CVE-2021-32027","qid":"960053","title":"Rocky Linux Security Update for postgresql:9.6 (RLSA-2021:2360)"},{"cve":"CVE-2021-32027","qid":"960091","title":"Rocky Linux Security Update for postgresql:13 (RLSA-2021:2375)"},{"cve":"CVE-2021-32027","qid":"960093","title":"Rocky Linux Security Update for postgresql:12 (RLSA-2021:2372)"},{"cve":"CVE-2021-32027","qid":"960101","title":"Rocky Linux Security Update for postgresql:10 (RLSA-2021:2361)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-32027","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"postgresql","version":{"version_data":[{"version_value":"postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190->CWE-119"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1956876","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956876"},{"refsource":"MISC","name":"https://www.postgresql.org/support/security/CVE-2021-32027/","url":"https://www.postgresql.org/support/security/CVE-2021-32027/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210713-0004/","url":"https://security.netapp.com/advisory/ntap-20210713-0004/"},{"refsource":"GENTOO","name":"GLSA-202211-04","url":"https://security.gentoo.org/glsa/202211-04"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2021-06-01 14:15:00","lastModifiedDate":"2023-11-07 03:35:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.17","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"9.6.0","versionEndExcluding":"9.6.22","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32027","Ordinal":"207359","Title":"CVE-2021-32027","CVE":"CVE-2021-32027","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32027","Ordinal":"1","NoteData":"A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32027","Ordinal":"2","NoteData":"2021-06-01","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32027","Ordinal":"3","NoteData":"2021-07-13","Type":"Other","Title":"Modified"}]}}}