AZL-70169

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70169.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-70169

Upstream

CVE-2025-12817

Published

2025-11-13T13:15:45Z

Modified

2026-04-21T04:36:20.710495Z

Summary

CVE-2025-12817 affecting package postgresql for versions less than 16.11-1

Details

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-12817

Affected packages

Azure Linux:3 / postgresql

Package

Name: postgresql
Purl: pkg:rpm/azure-linux/postgresql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.11-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70169.json"