CVE-2021-32027

Description

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

How to fix CVE-2021-32027

To remediate CVE-2021-32027, upgrade the affected package to a fixed version below.

• —upgrade to 11.12-r0 or later
• —upgrade to 13.3-r0 or later
• —upgrade to 13.3-r0 or later
• —upgrade to 13.3-r0 or later
• —upgrade to 9.6.22 or later
• —upgrade to 11.12-0+deb10u1 or later
• —upgrade to 13.3-1 or later
• —upgrade to 9.6.22-0+deb9u1 or later

Is CVE-2021-32027 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (8)

• from 0, < 11.12-r0
• from 0, < 13.3-r0
• from 0, < 13.3-r0
• from 0, < 13.3-r0
• >= 9.6.0, < 9.6.22, >= 10.0.0, < 10.17.0, >= 11.0.0, < 11.12.0, >= 12.0.0, < 12.7.0, >= 13.0.0, < 13.3.0
• from 0, < 11.12-0+deb10u1
• from 0, < 13.3-1
• from 0, < 9.6.22-0+deb9u1

CVSS scores

References (7)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2021-32027
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-32027
• WEBbugzilla.redhat.com/show_bug.cgi?id=1956876
• WEBnvd.nist.gov/vuln/detail/CVE-2021-32027
• WEB