CVE-2021-32027
Public on 2021-06-01
Modified on 2024-05-08
Description
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Postgresql10 Extra | postgresql | No Fix Planned | ||
| HAQM Linux 2 - Postgresql9.6 Extra | postgresql | No Fix Planned | ||
| HAQM Linux 2 - Core | postgresql | 2022-09-01 | ALAS2-2022-1843 | Fixed |
| HAQM Linux 2 - Postgresql11 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL11-2023-003 | Fixed |
| HAQM Linux 2 - Postgresql12 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL12-2023-004 | Fixed |
| HAQM Linux 2 - Postgresql13 Extra | postgresql | 2023-08-07 | ALAS2POSTGRESQL13-2023-003 | Fixed |
| HAQM Linux 2023 | postgresql15 | Not Affected | ||
| HAQM Linux 1 | postgresql96 | 2021-07-08 | ALAS-2021-1520 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |