Sep 11, 2024 - 12:00 a.m.

ROS-20240911-02

2024-09-11 00:00:00
redos.red-soft.ru
postgresql
pg_dump
vulnerability
remote attackers
sql code
resource access

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.4
Confidence: Low

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a null pointer dereference caused by concurrent access to a resource (race condition). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL code on behalf of the user running pg_dump, provided the attacker keeps the transaction open.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| redos | 7.3 | x86_64 | postgresql | < 12.20-1 | UNKNOWN |
