CVEs-PoC/2021/CVE-2021-32028.md

### [CVE-2021-32028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32028)
![](https://img.shields.io/static/v1?label=Product&message=postgresql&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=postgresql%2013.3%2C%20postgresql%2012.7%2C%20postgresql%2011.12%2C%20postgresql%2010.17%2C%20postgresql%209.6.22%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200&color=brightgreen)

### Description

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/pedr0alencar/vlab-metasploitable2