A flaw was found in postgresql. Using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 9.6.0 (including) | 9.6.22 (excluding) |
Postgresql | Postgresql | 10.0 (including) | 10.17 (excluding) |
Postgresql | Postgresql | 11.0 (including) | 11.12 (excluding) |
Postgresql | Postgresql | 12.0 (including) | 12.7 (excluding) |
Postgresql | Postgresql | 13.0 (including) | 13.3 (excluding) |