13292 matches found

OpenVAS
added 2024/08/09 12:0 a.m. | 13 views

PostgreSQL TOCTOU Vulnerability (Aug 2024) - Windows

PostgreSQL is prone to a time-of-check time-of-use (TOCTOU) race condition vulnerability in pg_dump. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-on...

CVSS 8.8 | AI score 8.4 | EPSS 0.01565
Exploits: 0 | References: 2
Tenable Nessus
added 2024/08/09 12:0 a.m. | 15 views

Debian dsa-5745 : libecpg-compat3 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5745 advisory. Debian Security Advisory DSA-5745-1 [email protected] https://www.debian.org/security/ Moritz...

CVSS 8.8 | AI score 7.1 | EPSS 0.01565
Exploits: 0 | References: 4
Tenable Nessus
added 2024/08/09 12:0 a.m. | 13 views

Debian dsa-5746 : libecpg-compat3 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5746 advisory. Debian Security Advisory DSA-5746-1 [email protected] https://www.debian.org/security/ Moritz...

CVSS 8.8 | AI score 7.1 | EPSS 0.01565
Exploits: 0 | References: 4
OSV
added 2024/08/09 12:0 a.m. | 12 views

DSA-5746-1 postgresql-13 - security update

Bulletin has no description...

CVSS 8.8 | AI score 8.3 | EPSS 0.01565
Exploits: 0
Circl
added 2024/08/08 4:24 p.m. | 5 views

CVE-2024-7348

| creationtimestamp | type | source |
|---|---|---|
| 2024-08-08 16:24:06+00:00 | seen | https://t.me/cvedetector/2789 |
| 2024-08-13 09:33:03+00:00 | published-proof-of-concept | https://t.me/HackingInsights/9642 |
| 2024-08-13 19:07:22+00:00 | exploited | https://t.me/truesecator/6089 |
| 2025-07-31 22:17:50+00:00 | seen | ... |

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 8
OSV
added 2024/08/08 1:15 p.m. | 3 views

ALPINE-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 1
NVD
added 2024/08/08 1:15 p.m. | 30 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | EPSS 0.01565
Exploits: 0 | References: 3
OSV
added 2024/08/08 1:15 p.m. | 19 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 | AI score 8.1 | EPSS 0.01565
Exploits: 0 | References: 3
OSV
added 2024/08/08 1:15 p.m. | 2 views

DEBIAN-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 | AI score 8.4 | EPSS 0.01565
Exploits: 0 | References: 1
OSV
added 2024/08/08 1:15 p.m. | 3 views

AZL-47690 CVE-2024-7348 affecting package postgresql for versions less than 14.13-1

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 | AI score 7.3 | EPSS 0.01565
Exploits: 0 | References: 1
OSV
added 2024/08/08 1:15 p.m. | 5 views

AZL-47636 CVE-2024-7348 affecting package postgresql for versions less than 16.4-1

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 | AI score 7.5 | EPSS 0.01565
Exploits: 0 | References: 1
UbuntuCve
added 2024/08/08 1:15 p.m. | 349 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | AI score 7.2 | EPSS 0.01565
Exploits: 0 | References: 6
Vulnrichment
added 2024/08/08 1:0 p.m. | 39 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | AI score 7.7 | EPSS 0.01565
Exploits: 0 | References: 1
Cvelist
added 2024/08/08 1:0 p.m. | 35 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | EPSS 0.01565
Exploits: 0 | References: 1
Debian CVE
added 2024/08/08 1:0 p.m. | 15 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | AI score 8.4 | EPSS 0.01565
Exploits: 0
CVE
added 2024/08/08 1:0 p.m. | 376 views

CVE-2024-7348

TOCTOU race in pg_dump (CVE-2024-7348) allows the object creator to run arbitrary SQL functions as the pg_dump user (often a superuser) by replacing a relation type with a view or foreign table. The attack requires waiting for pg_dump to start; success is facilitated if an open transaction is hel...

CVSS 8.8 | AI score 9 | EPSS 0.01565
Exploits: 0 | References: 3 | Affected Software: 1
AlpineLinux
added 2024/08/08 1:0 p.m. | 22 views

CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 | AI score 8.2 | EPSS 0.01565
Exploits: 0
CNNVD
added 2024/08/08 12:0 a.m. | 1 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL due to a competing...

CVSS 8.8 | AI score 8 | EPSS 0.01565
Exploits: 0 | References: 3
Kaspersky
added 2024/08/08 12:0 a.m. | 34 views

KLA71453 ACE vulnerability in PostgreSQL

Time-of-check Time-of-use (TOCTOU) race condition vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories PostgreSQL: CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL Related products...

CVSS 8.8 | AI score 8.4 | EPSS 0.01565
Exploits: 0 | References: 3
Tenable Nessus
added 2024/08/08 12:0 a.m. | 32 views

FreeBSD : PostgreSQL -- Prevent unauthorized code execution during pg_dump (48e6d514-5568-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48e6d514-5568-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL...

CVSS 8.8 | AI score 7.7 | EPSS 0.01565
Exploits: 0 | References: 3