CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.3%
When the database server or libpq client library initializes SSL, libeay32.dll
attempts to read configuration from a hard-coded directory. Typically, the directory does not exist, but any local user could create it and inject configuration. This configuration can direct OpenSSL to load and execute arbitrary code as the user running a PostgreSQL server or client.
Most PostgreSQL client tools and libraries use libpq
, and one can encounter this vulnerability by using any of them. This vulnerability is much like CVE-2019-5443, but it originated independently. One can work around the vulnerability by setting environment variable OPENSSL_CONF to “NUL:/openssl.cnf” or any other name that cannot exist as a file.
The PostgreSQL project thanks Daniel Gustafsson of the curl security team for reporting this problem.
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | * | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.3%