CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

RHSA-2023:7545
RHSA-2023:7579
RHSA-2023:7580
RHSA-2023:7581
RHSA-2023:7616
RHSA-2023:7656
RHSA-2023:7666
RHSA-2023:7667
RHSA-2023:7694
RHSA-2023:7695
RHSA-2023:7714
RHSA-2023:7770
RHSA-2023:7772
RHSA-2023:7784
RHSA-2023:7785
RHSA-2023:7883
RHSA-2023:7884
RHSA-2023:7885
RHSA-2024:0304
RHSA-2024:0332
RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-39417
RHBZ#2228111
https://www.postgresql.org/support/security/CVE-2023-39417
RHSA-2023:7545
https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.debian.org/security/2023/dsa-5553
https://www.debian.org/security/2023/dsa-5554
https://www.postgresql.org/support/security/CVE-2023-39417
RHBZ#2228111
https://access.redhat.com/security/cve/CVE-2023-39417
RHSA-2024:0337
RHSA-2024:0332
RHSA-2024:0304
RHSA-2023:7885
RHSA-2023:7884
RHSA-2023:7883
RHSA-2023:7785
RHSA-2023:7784
RHSA-2023:7772
RHSA-2023:7770
RHSA-2023:7714
RHSA-2023:7695
RHSA-2023:7694
RHSA-2023:7667
RHSA-2023:7666
RHSA-2023:7656
RHSA-2023:7616
RHSA-2023:7581
RHSA-2023:7580
RHSA-2023:7579

Published: 2023-08-11
Modified: 2024-12-06

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References: