Severity
High
Vendor
PostgreSQL Global Development Group
Affected Cloud Foundry Products and Versions
- BOSH
- 270 versions prior to v270.4.0
- CF Deployment
- All versions prior to v11.0.0
- UAA
- All versions prior to v74.0.0
Description
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- BOSH
- Upgrade 270 versions to v270.4.0 or greater
- CF Deployment
- Upgrade All versions to v11.0.0 or greater
- UAA
- Upgrade All versions to v74.0.0 or greater
History
2019-08-20: Initial vulnerability report published.
