CVE-2024-0985

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0985
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0985.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0985
Aliases
Related
Published
2024-02-08T13:15:08Z
Modified
2025-05-30T20:59:55.452854Z
Downstream
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.

References

Affected packages

Alpine:v3.16 / postgresql13

Package

Name
postgresql13
Purl
pkg:apk/alpine/postgresql13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.14-r0

Affected versions

13.*

13.5-r0
13.5-r1
13.5-r2
13.6-r0
13.6-r1
13.6-r2
13.6-r3
13.7-r0
13.7-r1
13.8-r0
13.10-r0
13.11-r0
13.12-r0
13.13-r0

Alpine:v3.16 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.11-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.4-r0
14.4-r1
14.5-r0
14.7-r0
14.8-r0
14.9-r0
14.10-r0

Alpine:v3.17 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.11-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.8-r0
14.9-r0
14.10-r0

Alpine:v3.17 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-r0

Affected versions

15.*

15.1-r0
15.2-r0
15.3-r0
15.4-r0
15.5-r0

Alpine:v3.18 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.11-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.7-r1
14.7-r2
14.7-r3
14.7-r4
14.8-r0
14.9-r0
14.10-r0

Alpine:v3.18 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.4-r0
15.5-r0

Alpine:v3.19 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0

Alpine:v3.19 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.2-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0

Alpine:v3.20 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0

Alpine:v3.20 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.2-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0

Alpine:v3.21 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.2-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0

Alpine:v3.22 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.2-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0

Debian:11 / postgresql-13

Package

Name
postgresql-13
Purl
pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.14-0+deb11u1

Affected versions

13.*

13.3-1
13.4-0+deb11u1
13.4-1
13.4-2
13.4-3
13.5-0+deb11u1
13.7-0+deb11u1
13.8-0+deb11u1
13.9-0+deb11u1
13.10-0+deb11u1
13.11-0+deb11u1
13.12-0+deb11u1
13.13-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-15

Package

Name
postgresql-15
Purl
pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.6-0+deb12u1

Affected versions

15.*

15.3-0+deb12u1
15.3-1
15.4-0+deb12u1
15.4-1
15.4-2
15.4-3
15.5-0+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}