Site icon 지락문화예술공작단

USN-5645-1: PostgreSQL vulnerabilities

USN-5645-1: PostgreSQL vulnerabilities

Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established. (CVE-2021-23214)

Tom Lane discovered that PostgreSQL incorrect handled certain array
subscripting calculations. An authenticated attacker could possibly use
this issue to overwrite server memory and escalate privileges.
(CVE-2021-32027)
Source: USN-5645-1: PostgreSQL vulnerabilities

Exit mobile version