USN-5645-1: PostgreSQL vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established. (CVE-2021-23214)
Tom Lane discovered that PostgreSQL incorrect handled certain array
subscripting calculations. An authenticated attacker could possibly use
this issue to overwrite server memory and escalate privileges.
(CVE-2021-32027)
Source: USN-5645-1: PostgreSQL vulnerabilities
Leave a Reply