what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2021-3677

Status Candidate

Overview

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Related Files

Red Hat Security Advisory 2021-5235-02
Posted Dec 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5235-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-23214, CVE-2021-3677
SHA-256 | aec25dbc4ecfc1bf4403dd4fb090691e06a2ed10546656d5aebaa8c86ca00684
Red Hat Security Advisory 2021-5236-02
Posted Dec 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5236-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-23214, CVE-2021-3677
SHA-256 | 220c9f7f0e29569a511a0c6e1352d7daaa826796769b89e330415893a11b96fe
Red Hat Security Advisory 2021-5179-02
Posted Dec 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5179-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-23214, CVE-2021-23222, CVE-2021-3677
SHA-256 | fbf7a744d4fc746da253ea8eba425272215a926f6a8f342b19a7c3a34a96baf8
Red Hat Security Advisory 2021-5197-03
Posted Dec 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5197-03 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-23214, CVE-2021-23222, CVE-2021-3677
SHA-256 | f3371f5f049af77780daa2630ead217d43411b9acc56bcd999873bb7b9294668
Ubuntu Security Notice USN-5038-1
Posted Aug 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5038-1 - It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3449, CVE-2021-3677
SHA-256 | ba7d2eca99cc28f70588d7fad45e096bb5d26bc41a8ee9cacb70b88517f73a4e
Ubuntu Security Notice USN-5033-1
Posted Aug 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5033-1 - It was discovered that the Perl Encode library incorrectly handled paths. A local attacker could possibly use this issue to trick the library into executing arbitrary code from the current working directory.

tags | advisory, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2021-36770
SHA-256 | 43bf451f88cc22741071b9ad5dbfe1b72d0c07e7068fce93827a8f638e309c17
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close