Main Vulnerability Database SB2021121641

SB2021121641 - Memory leak in PostgreSQL

Published: December 16, 2021

Security Bulletin ID SB2021121641

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2021-3677)

The vulnerability allows a remote user to perform DoS attack or gain access to sensitive information.

The vulnerability exists due memory leak during parallel sort operations. A remote user can force the application to leak memory and perform denial of service attack or read arbitrary memory parts on the system.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2001857
https://www.postgresql.org/docs/release/13.4/