VDB

GCVE-VVD-MAGEIA-2019-204

GCVE-VVD-MAGEIA-2019-204
Advisory Published
Vulnetix · Advisory published November 14, 2019
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account. (CVE-2019-10164) More than 25 other bugs have been fixed too, see referenced release notes.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiatimezone0 (affected), 2019c-1.mga7 (unaffected)
Mageiapostgresql110 (affected), 11.4-1.mga7 (unaffected), 0 (affected), 11.4-1.mga7 (unaffected)

Aliases

CVE-2019-10164

Transitive aliases

GHSA-gr34-mv2c-wc84EUVD-2019-2197BDU:2019-02385VVD-GENTOO-2019-688420

References

Updated postgresql11 packages fix security vulnerabilities
advisory
Updated postgresql11 packages fix security vulnerabilities
issue
Updated postgresql11 packages fix security vulnerabilities
issue
Updated timezone packages
advisory
Updated timezone packages
issue
Updated timezone packages
issue
Updated timezone packages
issue
Updated timezone packages
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›