3 matches found
Vulnerability in core server (CVE-2023-2454)
CREATE SCHEMA ... schemaelement defeats protective searchpath changes This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. The PostgreSQL...
Vulnerability in core server (CVE-2022-1552)
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated releva...
Vulnerability in core server (CVE-2019-10164)
Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...