CVE-2019-10209

Name
CVE-2019-10209
Description
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.postgresql.org/about/news/1960/
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 11.0 < 11.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
postgresql15 edge-main 11.5-r0 None fixed
postgresql15 edge-community 11.5-r0 None fixed
postgresql15 3.20-main 11.5-r0 None fixed
postgresql15 3.19-main 11.5-r0 None fixed
postgresql15 3.18-main 11.5-r0 None fixed
postgresql15 3.17-main 11.5-r0 None fixed
postgresql14 edge-main 11.5-r0 None fixed
postgresql14 edge-community 11.5-r0 None fixed
postgresql14 3.20-community 11.5-r0 None fixed
postgresql14 3.19-community 11.5-r0 None fixed
postgresql14 3.18-main 11.5-r0 None fixed
postgresql14 3.17-main 11.5-r0 None fixed
postgresql edge-main 11.5-r0 None fixed
postgresql edge-main 11.4-r0 None possibly vulnerable
postgresql edge-main 11.3-r0 None possibly vulnerable
postgresql edge-main 11.1-r0 None possibly vulnerable
postgresql 3.12-main 11.5-r0 None fixed
postgresql 3.11-main 11.5-r0 None fixed
postgresql 3.10-main 11.5-r0 None fixed