canonical ubuntu-linux CVE-2021-3677 vulnerability in Canonical and Other Products
Published on March 2, 2022

product logo product logo product logo product logo
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2021-3677 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2021-3677

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3677 are published in these products:

Canonical Ubuntu Linux
 
PostgreSQL
 
Red Hat Virtualization
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Power Little Endian
 
Red Hat Enterprise Linux Ibm Z Systems
 
Fedora Project Fedora
 

Exploit Probability

EPSS
0.19%
Percentile
40.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.