FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING

Affected packages
postgresql13-server < 13.3
postgresql12-server < 12.7
postgresql11-server < 11.12

Details

VuXML ID 76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Discovery 2021-05-13
Entry 2021-05-14

The PostgreSQL project reports:

Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
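A defender-side audit for the condition in the last sentence of the report, added here as an example that is not part of the PostgreSQL advisory or the VuXML entry. It lists non-superuser login roles that hold the CREATE or TEMPORARY privilege on a database, or the CREATE privilege on a schema. The role and schema filters are this example's own choices, and the schema query covers only the database it is run in.

```sql
-- Added audit example; not code from the PostgreSQL project or FreeBSD VuXML.
-- has_database_privilege() and has_schema_privilege() take into account grants
-- to PUBLIC and privileges inherited through role membership.

-- 1. Running server version, to compare with the affected ranges listed above
--    (< 13.3, < 12.7, < 11.12).
SHOW server_version;

-- 2. Login roles holding CREATE or TEMPORARY on any connectable database.
--    Superusers are skipped because they pass every privilege check.
SELECT r.rolname,
       d.datname,
       has_database_privilege(r.oid, d.oid, 'CREATE')    AS db_create,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS db_temporary
FROM pg_roles AS r
CROSS JOIN pg_database AS d
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND d.datallowconn
  AND (has_database_privilege(r.oid, d.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY r.rolname, d.datname;

-- 3. Login roles holding CREATE on any user schema of the current database.
--    Schema privileges are per database, so repeat this in each database.
SELECT r.rolname,
       n.nspname
FROM pg_roles AS r
CROSS JOIN pg_namespace AS n
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'          -- skip pg_catalog, pg_toast, pg_temp_N
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;
```

Empty results from queries 2 and 3 in every database mean no ordinary login role holds the privileges the report names as prerequisites; on a server still below the fixed version, any row returned identifies a role that does.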

References

URL https://www.postgresql.org/support/security/CVE-2021-32029/