Description
Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209
Vendor Advisory x_refsource_confirm
https://www.postgresql.org/about/news/1960/
Scores
CVSS v3
2.2
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-125
CWE-200
Status
published
Products (1)
postgresql/postgresql
11.0 - 11.5
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026