postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

Ubuntu: Security Advisory (USN-7908-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : PostgreSQL vulnerabilities (USN-7908-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7908-1 advisory. Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE...

USN-7908-1 postgresql-14, postgresql-16, postgresql-17 vulnerabilities

Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. CVE-2025-12817 Aleksey Solovev discovered...

USN-7908-1: PostgreSQL vulnerabilities

Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command did not correctly check for schema CREATE privileges. An authenticated attacker could possibly use this issue to create a denial of service against other CREATE STATISTICS users. CVE-2025-12817 Aleksey Solovev discovered...

BIT-POSTGRESQL-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

PostgreSQL 13.x < 13.23 / 14.x < 14.20 / 15.x < 15.15 / 16.x < 16.11 / 17.x < 17.7 / 18.x < 18.1 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 13 prior to 13.23, 14 prior to 14.20, 15 prior to 15.15, 16 prior to 16.11, 17 prior to 17.7, or 18 prior to 18.1. As such, it is potentially affected by multiple vulnerabilities: - Integer wraparound in multiple PostgreSQL libpq client...

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. CVE-2025-12817 PostgreSQL libpq undersizes allocations, via integer wraparound. CVE-2025-12818...

CVE-2025-12817

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

...

SUSE CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

EUVD-2025-169292

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

AZL-70396 CVE-2025-12817 affecting package postgresql for versions less than 14.20-1

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

AZL-70169 CVE-2025-12817 affecting package postgresql for versions less than 16.11-1

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

UBUNTU-CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

CVE-2025-12817

CVE-2025-12817 is addressed in multiple PostgreSQL security advisories. The issue is missing authorization in CREATE STATISTICS, allowing a table owner to cause denial of service for other CREATE STATISTICS users by creating in any schema; a subsequent CREATE STATISTICS using the same name can fa...

CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...