Lucene search

K
osvGoogleOSV:USN-4633-1
HistoryNov 17, 2020 - 1:03 p.m.

postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities

2020-11-1713:03:44
Google
osv.dev
6

8.6 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

Peter Eisentraut discovered that PostgreSQL incorrectly handled connection
security settings. Client applications could possibly be connecting with
certain security parameters dropped, contrary to expectations.
(CVE-2020-25694)

Etienne Stalmans discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox. An authenticated remote attacker
could possibly use this issue to execute arbitrary SQL functions as a
superuser. (CVE-2020-25695)

Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset
meta-command. A remote attacker with a compromised server could possibly
use this issue to execute arbitrary code. (CVE-2020-25696)