Description
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Remediation
References