vulnerability
Amazon Linux AMI 2: CVE-2021-32028: Security patch for postgresql (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Oct 11, 2021 | Sep 28, 2023 | May 20, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Oct 11, 2021
Added
Sep 28, 2023
Modified
May 20, 2026
Description
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Solutions
amazon-linux-ami-2-upgrade-postgresqlamazon-linux-ami-2-upgrade-postgresql-contribamazon-linux-ami-2-upgrade-postgresql-debuginfoamazon-linux-ami-2-upgrade-postgresql-docsamazon-linux-ami-2-upgrade-postgresql-llvmjitamazon-linux-ami-2-upgrade-postgresql-plperlamazon-linux-ami-2-upgrade-postgresql-plpython2amazon-linux-ami-2-upgrade-postgresql-plpython3amazon-linux-ami-2-upgrade-postgresql-pltclamazon-linux-ami-2-upgrade-postgresql-serveramazon-linux-ami-2-upgrade-postgresql-server-develamazon-linux-ami-2-upgrade-postgresql-staticamazon-linux-ami-2-upgrade-postgresql-testamazon-linux-ami-2-upgrade-postgresql-test-rpm-macrosamazon-linux-ami-2-upgrade-postgresql-upgradeamazon-linux-ami-2-upgrade-postgresql-upgrade-devel
References
- AMAZON-AL2/ALAS2POSTGRESQL11-2023-003
- AMAZON-AL2/ALAS2POSTGRESQL12-2023-004
- AMAZON-AL2/ALAS2POSTGRESQL13-2023-003
- AMAZON-AL2/ALASPOSTGRESQL11-2023-003
- AMAZON-AL2/ALASPOSTGRESQL12-2023-004
- AMAZON-AL2/ALASPOSTGRESQL13-2023-003
- CVE-2021-32028
- https://attackerkb.com/topics/CVE-2021-32028
- CWE-200
- EUVD-EUVD-2021-18894
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-18894
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.