Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 688420 (CVE-2019-10164) - <dev-db/postgresql-{11.4,10.9}: Stack-based buffer overflow via setting a password (CVE-2019-10164)
Summary: <dev-db/postgresql-{11.4,10.9}: Stack-based buffer overflow via setting a pas...
Alias: CVE-2019-10164
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa+ cve]
Depends on:
Reported: 2019-06-21 00:18 UTC by Aaron W. Swenson
Modified: 2020-03-12 20:23 UTC (History)
1 user (show)

See Also:
Package list:
dev-db/postgresql-11.4 alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 dev-db/postgresql-10.9 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: No
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Aaron W. Swenson gentoo-dev 2019-06-21 00:18:29 UTC
Major versions prior to 10 are unaffected.

Stabilization targets:
=dev-db/postgresql-11.4 ~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-10.9 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86

Note: arm64 stabilization was introduced with 11.3.


CVE-2019-10164: Stack-based buffer overflow via setting a password

Versions affected: 10, 11, 12 beta.

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.

Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account.

This issue is fixed by upgrading and restarting your PostgreSQL server as well as your libpq installations. All users running PostgreSQL 10, 11, and 12 beta are encouraged to upgrade as soon as possible.

The PostgreSQL Project thanks Alexander Lakhin for reporting this problem.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-22 10:31:14 UTC
ia64 stable
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-22 10:33:18 UTC
ppc stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-22 10:35:06 UTC
ppc64 stable
Comment 4 Rolf Eike Beer archtester 2019-06-23 10:31:04 UTC
sparc stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-06-23 12:23:29 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-26 06:51:01 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-27 13:29:55 UTC
alpha stable
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2019-07-22 16:08:34 UTC
arm64 stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-07-28 20:12:54 UTC
arm stable
Comment 10 Larry the Git Cow gentoo-dev 2019-07-29 10:31:58 UTC
The bug has been referenced in the following commit(s):

commit 4fa4501da1e923eaac0bb9af33e5ea979f539263
Author:     Aaron W. Swenson <>
AuthorDate: 2019-07-29 10:31:28 +0000
Commit:     Aaron W. Swenson <>
CommitDate: 2019-07-29 10:31:45 +0000

    dev-db/postgresql: Cleanup insecure
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Aaron W. Swenson <>

 dev-db/postgresql/Manifest                  |   2 -
 dev-db/postgresql/postgresql-10.8-r1.ebuild | 466 ---------------------------
 dev-db/postgresql/postgresql-10.8.ebuild    | 460 ---------------------------
 dev-db/postgresql/postgresql-11.3-r1.ebuild | 468 ----------------------------
 dev-db/postgresql/postgresql-11.3.ebuild    | 460 ---------------------------
 5 files changed, 1856 deletions(-)
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 23:57:34 UTC
New GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-03-12 20:23:36 UTC
This issue was resolved and addressed in
 GLSA 202003-03 at
by GLSA coordinator Thomas Deutschmann (whissi).