Vulnerability CVE-2021-3677: Information

Description

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3677
Published: March 3, 2022
Modified: Jan. 31, 2023
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
postgresql11p1011.13-alt111.22-alt0.p10.1ALT-PU-2021-2532-1282403Fixed
postgresql11p911.13-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2021-2605-1282411Fixed
postgresql11p811.14-alt0.M80P.111.14-alt0.M80P.1ALT-PU-2021-3579-1289365Fixed
postgresql11c10f111.13-alt111.22-alt0.p10.1ALT-PU-2021-2532-1282403Fixed
postgresql11c9f211.14-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2021-3567-1292243Fixed
postgresql11-1Cp811.12-alt0.M80P.211.12-alt0.M80P.2ALT-PU-2021-3580-1289365Fixed
postgresql12sisyphus12.8-alt112.18-alt1ALT-PU-2021-2485-1282393Fixed
postgresql12p1012.8-alt112.18-alt0.p10.1ALT-PU-2021-2533-1282403Fixed
postgresql12p912.8-alt0.M90P.112.18-alt0.M90P.1ALT-PU-2021-2603-1282411Fixed
postgresql12p812.9-alt0.M80P.112.9-alt0.M80P.1ALT-PU-2021-3581-1289365Fixed
postgresql12c10f112.8-alt112.18-alt0.p10.1ALT-PU-2021-2533-1282403Fixed
postgresql12c9f212.9-alt0.M90P.112.18-alt0.c9f2.1ALT-PU-2021-3600-1292389Fixed
postgresql12-1Cp912.7-alt0.M90P.212.17-alt0.M90P.2ALT-PU-2021-2604-1282411Fixed
postgresql12-1Cp9_mipsel12.9-alt0.M90P.112.11-alt0.M90P.3ALT-PU-2022-3997-1-Fixed
postgresql12-1Cc9f212.7-alt0.M90P.312.17-alt0.c9f2.2ALT-PU-2021-3564-1292243Fixed
postgresql13sisyphus13.4-alt113.14-alt1ALT-PU-2021-2482-1282393Fixed
postgresql13p1013.4-alt113.14-alt0.p10.1ALT-PU-2021-2531-1282403Fixed
postgresql13c10f113.4-alt113.14-alt0.p10.1ALT-PU-2021-2531-1282403Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2001857
  • Issue Tracking
  • Third Party Advisory
https://www.postgresql.org/support/security/CVE-2021-3677/
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20220407-0008/
  • Third Party Advisory
GLSA-202211-04
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      13.0
      End excliding
      13.4
      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      12.0
      End excliding
      12.8
      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      11.0
      End excliding
      11.13

      Configuration 2

      cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top