CVE-2021-32029: 
PostgreSQL vulnerability analysis and mitigation

CVE-2021-32029 is a security vulnerability discovered in PostgreSQL that was disclosed on May 13, 2021. The vulnerability affects PostgreSQL versions 9.6.0 prior to 9.6.22, 10.0 prior to 10.17, 11.0 prior to 11.12, 12.0 prior to 12.7, and 13.0 prior to 13.3. This flaw allows an authenticated database user to read arbitrary bytes of server memory using an UPDATE ... RETURNING command on a purpose-crafted partitioned table (PostgreSQL Security).

The vulnerability has a CVSS v3.1 score of 6.5 (Medium) with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The attack can be executed by any authenticated database user who has the ability to create prerequisite objects. Users without CREATE and TEMPORARY privileges on all databases and CREATE privilege on all schemas typically cannot exploit this vulnerability at will (PostgreSQL Security).

The primary impact of this vulnerability is on data confidentiality. When successfully exploited, it allows attackers to read arbitrary bytes of server memory, potentially exposing sensitive information stored in the PostgreSQL server's memory space (NVD).

The vulnerability has been fixed in PostgreSQL versions 13.3, 12.7, and 11.12, released on May 13, 2021. Users are advised to upgrade to these or later versions to mitigate the vulnerability. The fixes were implemented through specific commits in the PostgreSQL codebase (Red Hat Bugzilla).