Access of Uninitialized Pointer

CVE-2020-17446

High

9.8/10

Summary

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-824 - Access of Uninitialized Pointer

The program accesses or uses a pointer that has not been initialized.

References

Release Note
Advisory

Advisory Timeline

Published Aug 12, 2020

Access of Uninitialized Pointer

CVE-2020-17446

Summary

CWE-824 - Access of Uninitialized Pointer

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS