Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2019-10164 PUBLISHED CVSS 8.800000190734863 HIGH

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.9postgresql9.6.5-r0, 9.6.0-r1, 9.6.1-r0
Alpine:v3.19postgresql150, 0, 0
Alpine:v3.14postgresql10.0-r0, 9.6.5-r1, 9.6.5-r0
Alpine:v3.16postgresql149.6.0-r1, 9.6.1-r0, 9.6.1-r1
Alpine:v3.17postgresql149.4.1-r3, 0, 10.0-r0
Alpine:v3.18postgresql150, 0, 0
Alpine:v3.12postgresql9.4.5-r0, 9.4.4-r0, 9.4.3-r0
Alpine:v3.18postgresql1411.2-r0, 9.1.2-r2, 9.1.2-r1
Alpine:v3.11postgresql9.1.0-r1, 9.1.0-r0, 9.0.4-r0
Alpine:v3.15postgresql148.4.3-r1, 0, 10.0-r0
Alpine:v3.7postgresql8.4.2-r0, 8.4.3-r0, 8.4.3-r1
Alpine:v3.17postgresql150, 0, 0
Alpine:v3.20postgresql150, 0, 0
Alpine:v3.13postgresql9.6.2-r4, 9.6.3-r0, 9.6.4-r0
Alpine:v3.10postgresql9.4.5-r0, 9.4.5-r1, 9.5.0-r0
Alpine:v3.8postgresql9.1.0-r1, 8.4.0-r1, 8.4.0-r2

Timeline

References

Open in Interactive Console →