vulnerability
FreeBSD: VID-245629d4-991e-11e9-82aa-6cc21735f730 (CVE-2019-10164): PostgreSQL -- Stack-based buffer overflow via setting a password
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jun 27, 2019 | Jun 27, 2019 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Jun 27, 2019
Added
Jun 27, 2019
Modified
Dec 10, 2025
Description
The PostgreSQL project reports: An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account. This issue is fixed by upgrading and restarting your PostgreSQL server as well as your libpq installations. All users running PostgreSQL 10, 11, and 12 beta are encouraged to upgrade as soon as possible.
Solutions
freebsd-upgrade-package-postgresql11-serverfreebsd-upgrade-package-postgresql10-server
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.