
Mitigation Instructions for CVE-2019-10164

SUBJECT: CVE-2019-10164 Stack-based buffer overflow via setting a password

TECH STACK: PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4

DATE(S) ISSUED: 06/26/2019

NVD Last Modified: 10/02/2020
CVE-2019-10164 is a stack-based buffer overflow vulnerability that affects PostgreSQL versions 10.x before 10.9 and 11.x before 11.4.

In this vulnerability, any authenticated user can overflow a stack-based buffer by changing their own password to a specially crafted value. A buffer overflow occurs when more data is written to a buffer than it can handle, causing the excess data to overflow into adjacent memory spaces.

This vulnerability is particularly critical because it can often allow the execution of arbitrary code with the permissions of the PostgreSQL operating system account. Depending on the permissions of this account, an attacker could potentially take full control of the affected system, which might allow them to steal or modify data, disrupt system operation, or perform other unauthorized actions.


To mitigate this vulnerability, it is recommended to upgrade PostgreSQL to version 10.9 or later for 10.x versions and 11.4 or later for 11.x versions. These updated versions include a patch that fixes the buffer overflow issue.

Additionally, as with any system, it's a good practice to follow the principle of least privilege. This means giving each user account the minimum permissions necessary to perform its tasks. This can help to limit the potential damage if a vulnerability like this one is exploited.
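A fleet-wide check that the upgrade actually landed, as an added example (not part of this advisory and not PostgreSQL project code). It compares each server's reported version against the fixed releases named above (10.9 and 11.4), parsing the version as integers so that 10.10 is correctly treated as newer than 10.9. The hostnames and version strings in the sample inventory are constructed for illustration; only the 10.x and 11.x series are assessed because those are the only ranges the advisory covers.

```python
import re

# Affected ranges as stated in the advisory: 10.x before 10.9 and 11.x before 11.4.
# Major version -> first minor release that contains the fix.
FIXED_MINOR = {10: 9, 11: 4}


def parse_server_version(text):
    """Extract (major, minor) from a PostgreSQL server_version string.

    Accepts the bare value from `SHOW server_version` (e.g. "11.3") as well as
    the decorated form seen in `SELECT version()` output or distro packages
    (e.g. "PostgreSQL 10.8 (Ubuntu 10.8-1.pgdg18.04+1) on x86_64-pc-linux-gnu").
    Returns None if no dotted version number is present (e.g. beta builds).
    """
    m = re.search(r"\b(\d+)\.(\d+)", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(version_text):
    """True if the version falls inside a range the advisory names as affected.

    Only the 10.x and 11.x series are evaluated, because those are the only
    series the advisory covers; any other major version returns False, meaning
    "not assessed by this check", not "known safe".
    """
    parsed = parse_server_version(version_text)
    if parsed is None:
        raise ValueError(f"unrecognised server_version: {version_text!r}")
    major, minor = parsed
    fixed = FIXED_MINOR.get(major)
    return fixed is not None and minor < fixed


def audit(inventory):
    """Return {host: version} for every host that still needs the upgrade."""
    return {host: v for host, v in inventory.items() if is_affected(v)}


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "db-prod-01": "10.8",
    "db-prod-02": "PostgreSQL 10.9 (Debian 10.9-1.pgdg90+1) on x86_64-pc-linux-gnu",
    "db-staging": "11.3 (Ubuntu 11.3-1.pgdg18.04+1)",
    "db-dev": "11.4",
    "db-legacy": "9.6.14",
}

if __name__ == "__main__":
    for host, version in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {version} -> upgrade required")
```

In practice the version string for each host comes from `psql -At -c "SHOW server_version"` run against that server (or from your configuration-management inventory); feed those values into `audit()` in place of the constructed dictionary.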


Third Party Advisories:

  1. OpenSUSE Security Announcement
  2. Red Hat Bugzilla CVE-2019-10164
  3. Fedora Project Advisory 1
  4. Fedora Project Advisory 2
  5. Gentoo Security Advisory (GLSA-202003-03)
  6. PostgreSQL Official News Announcement

Confirmation & Additional Information:

  1. Red Hat Bugzilla Confirmation
  2. Fedora Project Confirmation 1
  3. Fedora Project Confirmation 2
  4. Gentoo Security Confirmation (GLSA-202003-03)
  5. PostgreSQL Official Security Information for CVE-2019-10164
  6. OpenSUSE Security Confirmation
