In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples.
The PostgreSQL project thanks Andreas Seltenreich for reporting this problem.
|Affected Version||Fixed In||Fix Published|
If you wish to report a new security vulnerability in PostgreSQL, please send an email to firstname.lastname@example.org.
For reporting non-security bugs, please see the Report a Bug page.