Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Out-of-bounds Write Vulnerability (CVE-2019-10164)

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Remediation

References

Related Vulnerabilities

MySQL NULL Pointer Dereference Vulnerability (CVE-2021-22570)

WordPress Plugin DX-Contribute Cross-Site Request Forgery (1.2.0)

WordPress Plugin AMP extensions Cross-Site Scripting (1.1)

WordPress Plugin Exit Popups & Onsite Retargeting by OptiMonk Cross-Site Scripting (1.2.5)

WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)

Severity

High

Classification

CVE-2019-10164 CWE-787 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities