CVE-2018-1052

EPSS 0.47%
Published 09.02.2018 14:29:00
Last modified 21.11.2024 03:59:04
Source secalert@redhat.com
Teams watchlist Login
Open Login

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version10.0

Postgresql ≫ Postgresql Version10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.637

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/102987

Third Party Advisory

VDB Entry

https://www.postgresql.org/about/news/1829/

Patch

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-1052

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1052

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1052

EUVD