ALPINE-CVE-2025-8713

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-8713

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-8713.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-8713

Upstream

CVE-2025-8713

Published

2025-08-14T13:15:37Z

Modified

2025-10-14T04:21:34.188745Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

References

https://security.alpinelinux.org/vuln/CVE-2025-8713

Affected packages

Alpine:v3.19

postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.14-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.3-r1

15.4-r0

15.4-r1

15.4-r2

15.5-r0

15.6-r0

15.7-r0

15.8-r0

15.9-r0

15.10-r0

15.11-r0

15.13-r0

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.10-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.3-r0

16.4-r0

16.5-r0

16.6-r0

16.8-r0

16.9-r0

Alpine:v3.20

postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.14-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.3-r1

15.4-r0

15.4-r1

15.4-r2

15.5-r0

15.6-r0

15.6-r1

15.6-r2

15.7-r0

15.8-r0

15.9-r0

15.10-r0

15.11-r0

15.13-r0

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.10-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.4-r0

16.5-r0

16.6-r0

16.8-r0

16.9-r0

Alpine:v3.21

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.10-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.3-r1

16.4-r0

16.4-r1

16.5-r0

16.6-r0

16.8-r0

16.9-r0

postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.6-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

17.4-r0

17.5-r0

Alpine:v3.22

postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.10-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.3-r1

16.4-r0

16.4-r1

16.5-r0

16.6-r0

16.8-r0

16.8-r1

16.8-r2

16.8-r3

16.8-r4

16.9-r0

postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.6-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

17.4-r0

17.4-r1

17.4-r2

17.4-r3

17.4-r4

17.5-r0