CVE-2024-7348

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7348

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7348.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7348

Aliases

BIT-postgresql-2024-7348

Downstream

ALPINE-CVE-2024-7348

BELL-CVE-2024-7348

DEBIAN-CVE-2024-7348

DSA-5745-1

DSA-5746-1

MINI-8hc6-xmh7-p5wg

OESA-2024-1977

OESA-2024-2054

OESA-2024-2055

OESA-2024-2056

OESA-2025-1335

RHSA-2024:5927

RHSA-2024:5929

RHSA-2024:5999

RHSA-2024:6000

RHSA-2024:6001

RHSA-2024:6018

RHSA-2024:6020

RHSA-2024:6137

RHSA-2024:6138

RHSA-2024:6139

RHSA-2024:6140

RHSA-2024:6141

RHSA-2024:6142

RHSA-2024:6144

RHSA-2024:6145

RHSA-2024:6557

RHSA-2024:6558

RHSA-2024:6559

RHSA-2024:8495

RLSA-2024:5929

RLSA-2024:6001

RLSA-2024:6018

RLSA-2024:6020

SUSE-SU-2024:3153-1

SUSE-SU-2024:3154-1

SUSE-SU-2024:3158-1

SUSE-SU-2024:3158-2

SUSE-SU-2024:3158-3

SUSE-SU-2024:3159-1

SUSE-SU-2024:3159-2

SUSE-SU-2024:3160-1

SUSE-SU-2024:3168-1

SUSE-SU-2024:3169-1

SUSE-SU-2024:3170-1

SUSE-SU-2024:3171-1

SUSE-SU-2024:3181-1

SUSE-SU-2024:3191-1

SUSE-SU-2024:3192-1

SUSE-SU-2024:3224-1

UBUNTU-CVE-2024-7348

USN-6968-1

USN-6968-2

USN-6968-3

openSUSE-SU-2024:14348-1

openSUSE-SU-2024:14349-1

openSUSE-SU-2024:14350-1

openSUSE-SU-2024:14351-1

openSUSE-SU-2024:14360-1

openSUSE-SU-2024:14361-1

Related

Published

2024-08-08T13:15:14Z

Modified

2025-05-30T18:00:04Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Time-of-check Time-of-use (TOCTOU) race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

References

Affected packages