CVE-2023-39417

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-39417

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39417.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39417

Aliases

BIT-postgresql-2023-39417

Downstream

ALPINE-CVE-2023-39417

DEBIAN-CVE-2023-39417

DLA-3600-1

DSA-5553-1

DSA-5554-1

OESA-2023-1567

OESA-2023-1568

OESA-2023-1576

OESA-2023-1577

OESA-2023-1578

OESA-2025-1335

RHSA-2023:7545

RHSA-2023:7579

RHSA-2023:7580

RHSA-2023:7581

RHSA-2023:7616

RHSA-2023:7656

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7714

RHSA-2023:7770

RHSA-2023:7772

RHSA-2023:7784

RHSA-2023:7785

RHSA-2023:7883

RHSA-2023:7884

RHSA-2023:7885

RLSA-2023:7785

SUSE-SU-2023:3341-1

SUSE-SU-2023:3342-1

SUSE-SU-2023:3343-1

SUSE-SU-2023:3344-1

SUSE-SU-2023:3344-2

SUSE-SU-2023:3345-1

SUSE-SU-2023:3346-1

SUSE-SU-2023:3347-1

SUSE-SU-2023:3348-1

SUSE-SU-2023:3384-1

UBUNTU-CVE-2023-39417

USN-6296-1

USN-6366-1

openSUSE-SU-2024:13118-1

openSUSE-SU-2024:13119-1

openSUSE-SU-2024:13120-1

openSUSE-SU-2024:13134-1

openSUSE-SU-2024:13358-1

Related

Published

2023-08-11T13:15:09Z

Modified

2024-11-21T08:15:22Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

References

Affected packages