CVE-2018-1052 - Vulnerability Details - OpenCVE

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postgresql	Postgresql

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql:10.0:::::::*
	cpe:2.3:a:postgresql:postgresql:10.1:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102987
https://nvd.nist.gov/vuln/detail/CVE-2018-1052
https://www.cve.org/CVERecord?id=CVE-2018-1052
https://www.postgresql.org/about/news/1829/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-02-09T14:00:00Z

Updated: 2024-09-16T17:08:06.088Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1052

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-09T14:29:00.230

Modified: 2024-11-21T03:59:04.563

Link: CVE-2018-1052

Redhat

Severity : Moderate

Publid Date: 2018-02-08T00:00:00Z

Links: CVE-2018-1052 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "The PostgreSQL Global Development Group", "versions": [{"status": "affected", "version": "10.x before 10.2"}]}], "datePublic": "2018-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-14T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.postgresql.org/about/news/1829/"}, {"name": "102987", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102987"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-02-08T00:00:00", "ID": "CVE-2018-1052", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "10.x before 10.2"}]}}]}, "vendor_name": "The PostgreSQL Global Development Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://www.postgresql.org/about/news/1829/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1829/"}, {"name": "102987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102987"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:44:11.952Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.postgresql.org/about/news/1829/"}, {"name": "102987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102987"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1052", "datePublished": "2018-02-09T14:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T17:08:06.088Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "97465EF2-1B00-4210-9F58-643A2C6198D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "10842CE3-9380-4550-AEE8-B6C26A510003", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de revelaci\u00f3n de memoria en la partici\u00f3n de tablas en postgresql, en versiones 10.x anteriores a la 10.2, que permite que un atacante autenticado lea bytes arbitrarios de la memoria del servidor mediante inserciones manipuladas para este prop\u00f3sito en una tabla particionada."}], "id": "CVE-2018-1052", "lastModified": "2024-11-21T03:59:04.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-09T14:29:00.230", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102987"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1829/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1829/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges David Rowley and \u00c1lvaro Herrera as the original reporters.", "bugzilla": {"description": "postgresql: Memory disclosure in table partitioning", "id": "1539613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539613"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.", "A memory disclosure vulnerability in table partitioning was found in postgresql, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."], "name": "CVE-2018-1052", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "rh-postgresql94-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Not affected", "package_name": "postgresql95-postgresql", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql10-postgresql", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql94-postgresql", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql96-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2018-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1052\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1052\nhttps://www.postgresql.org/about/news/1829/"], "statement": "This issue did not affect the versions of PostgreSQL as shipped with Red Hat Satellite 5 and CloudForms 5 as they use PostgreSQL version 9.x and this vulnerability is specific to PostgreSQL 10.x.", "threat_severity": "Moderate"}