Vulnerability Name: CVE-2018-1052 (CCN-138941)

Assigned: 2017-12-04
Published: 2018-02-08
Updated: 2019-10-09
Summary: A memory disclosure vulnerability in table partitioning was found in PostgreSQL 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via a purpose-crafted insert to a partitioned table.
CVSS v3 Severity:
6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): None
  • Availability (A): None
CVSS v2 Severity:
4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): Single_Instance
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): Single_Instance
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2018-1052

Source: BID
Type: Third Party Advisory, VDB Entry
102987

Source: CCN
Type: BID-102987
PostgreSQL CVE-2018-1052 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
postgresql-cve20181052-info-disc(138941)

Source: CCN
Type: PostgreSQL Web site
PostgreSQL 10.2, 9.6.7, 9.5.11, 9.4.16, and 9.3.21 released!

Source: CONFIRM
Type: Patch, Release Notes, Vendor Advisory
https://www.postgresql.org/about/news/1829/

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:postgresql:postgresql:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:10.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:10.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20181052 | V | CVE-2018-1052 | 2022-09-02
oval:org.opensuse.security:def:183 | P | libpoppler-cpp0-0.79.0-3.3.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:1513 | P | Security update for pidgin (Important) | 2022-05-16
oval:org.opensuse.security:def:94236 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:472 | P | Security update for pgadmin4 (Important) | 2022-05-04
oval:org.opensuse.security:def:991 | P | Security update for buildah (Moderate) | 2022-04-27
oval:org.opensuse.security:def:862 | P | Security update for mutt (Moderate) | 2022-04-25
oval:org.opensuse.security:def:113156 | P | postgresql10-10.18-1.3 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:49303 | P | Security update for python-Babel (Important) | 2021-12-22
oval:org.opensuse.security:def:1649 | P | Security update for openssh (Important) | 2021-12-06
oval:org.opensuse.security:def:64633 | P | Security update for gmp (Moderate) | 2021-12-06
oval:org.opensuse.security:def:1045 | P | Security update for MozillaFirefox (Important) | 2021-11-19
oval:org.opensuse.security:def:69954 | P | Security update for samba (Important) | 2021-11-16
oval:org.opensuse.security:def:68067 | P | Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important) | 2021-10-14
oval:org.opensuse.security:def:106583 | P | postgresql10-10.18-1.3 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:71420 | P | xorg-x11-7.6_1-1.22 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103371 | P | libpq5-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:89716 | P | libpq5-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96681 | P | libpq5-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103702 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:90047 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:61561 | P | libpq5-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:97012 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:63212 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71302 | P | libpq5-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:2123 | P | libecpg6-10.6-6.25 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71307 | P | libqpdf21-8.0.2-1.5 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:66905 | P | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | 2021-08-23
oval:org.opensuse.security:def:47648 | P | jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47567 | P | binutils-2.31-9.26.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47619 | P | giflib-progs-5.0.5-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47546 | P | aaa_base-13.2+git20140911.61c1681-38.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47841 | P | pam-modules-12.1-23.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47581 | P | crash-7.2.1-2.19 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47703 | P | libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47694 | P | libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47973 | P | colord-gtk-lang-0.1.26-6.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47702 | P | libecpg6-10.5-1.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47861 | P | procmail-3.22-269.3.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47765 | P | libpng15-15-1.5.22-9.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46993 | P | libXfont1-1.5.1-10.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47908 | P | ucode-intel-20180807a-13.35.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48065 | P | libICE6-1.0.8-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47895 | P | sudo-1.8.20p2-3.7.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47932 | P | yast2-users-3.2.17-1.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47830 | P | mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46994 | P | libXi6-1.7.4-9.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47992 | P | dnsmasq-2.78-18.9.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48213 | P | libusbmuxd4-1.0.10-2.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48027 | P | gpg2-2.0.24-9.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47033 | P | libjansson4-2.7-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48150 | P | libmpfr4-3.1.2-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47008 | P | libarchive13-3.1.2-22.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48054 | P | java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47512 | P | sysvinit-tools-2.88+-99.15 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48119 | P | libgraphite2-3-1.3.1-10.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47165 | P | tar-1.27.1-8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48221 | P | libvte9-0.28.2-19.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47129 | P | pigz-2.3-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47513 | P | tar-1.27.1-14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48267 | P | perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47257 | P | ft2demos-2.6.3-7.10.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47322 | P | libXt6-1.1.4-3.57 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47527 | P | wpa_supplicant-2.2-14.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47566 | P | bind-9.11.2-1.24 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47405 | P | libruby2_1-2_1-2.1.9-18.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47454 | P | openvswitch-2.7.0-2.29 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:63100 | P | postgresql10-10.16-8.29.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2011 | P | postgresql10-10.16-8.29.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:100949 | P | libosinfo-1.7.1-1.52 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:70261 | P | Security update for qemu (Important) | 2021-07-23
oval:org.opensuse.security:def:100631 | P | (Important) | 2021-06-23
oval:org.opensuse.security:def:64720 | P | Security update for apache2 (Important) | 2021-06-22
oval:org.opensuse.security:def:48692 | P | libraw9-0.15.4-3.88 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48565 | P | libvirt-2.0.0-26.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46704 | P | libXinerama1-1.1.3-3.55 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48859 | P | libmysqlclient_r18-10.0.30-28.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48723 | P | gnome-online-accounts-3.10.5-1.11 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48913 | P | imobiledevice-tools-1.2.0-7.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48627 | P | stunnel-5.00-3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:61272 | P | libpq5-10.3-2.8 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46705 | P | libXp6-1.0.2-3.58 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48794 | P | libndp0-1.6-2.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46719 | P | libdcerpc-binding0-32bit-4.2.4-4.19 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:66813 | P | Security update for 389-ds (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71013 | P | libpq5-10.3-2.8 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46840 | P | ruby-2.1-1.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70959 | P | libXvMC-devel-1.0.10-1.23 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48427 | P | git-core-1.8.5.6-18.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48638 | P | unixODBC-2.3.4-6.5 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71072 | P | perl-HTML-Parser-3.72-1.26 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48511 | P | libjbig2-2.0-12.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48570 | P | libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48669 | P | finch-2.10.9-5.15 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48624 | P | squid-3.5.21-23.4 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48573 | P | libzip2-0.11.1-12.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48481 | P | libapr1-1.5.1-2.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48740 | P | libpolkit0-32bit-0.113-4.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:69849 | P | Security update for djvulibre (Important) | 2021-05-19
oval:org.opensuse.security:def:1567 | P | Security update for libxml2 (Important) | 2021-05-19
oval:org.opensuse.security:def:73596 | P | Security update for qemu (Important) | 2021-04-16
oval:org.opensuse.security:def:67967 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP1) (Important) | 2021-04-07
oval:org.opensuse.security:def:2205 | P | postgresql10-contrib-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63158 | P | libecpg6-10.3-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116855 | P | postgresql10-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2069 | P | libecpg6-10.3-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107297 | P | postgresql10-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:117173 | P | postgresql10-contrib-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:93918 | P | postgresql10-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:61951 | P | postgresql10-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63294 | P | postgresql10-contrib-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71692 | P | postgresql10-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107615 | P | postgresql10-contrib-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:66506 | P | libpango-1_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73171 | P | liblcms2-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50036 | P | squid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64372 | P | libpq5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73289 | P | postgresql10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49249 | P | libudisks2-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73478 | P | wavpack on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67719 | P | libpq5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70156 | P | checkbashisms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64285 | P | kdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67619 | P | grub2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49900 | P | aws-cli on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50008 | P | libecpg6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66598 | P | postgresql10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49954 | P | libecpg6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50090 | P | postgresql10-contrib on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.artful:def:20181052000 | V | CVE-2018-1052 on Ubuntu 17.10 (artful) - medium. | 2018-02-09
oval:com.ubuntu.trusty:def:20181052000 | V | CVE-2018-1052 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-02-09

    postgresql postgresql 10.0
    postgresql postgresql 10.1
    postgresql postgresql 9.6.5
    postgresql postgresql 9.5.9
    postgresql postgresql 9.4.14
    postgresql postgresql 9.3.19
    postgresql postgresql 10.1