Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-12817

Опубликовано: 13 нояб. 2025
Источник: debian
EPSS Низкий

Описание

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
postgresql-18fixed18.1-1package
postgresql-17unfixedpackage
postgresql-15removedpackage
postgresql-13removedpackage
postgresql-13postponedbullseyepackage

Примечания

  • https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=5e4fcbe531c668b4112beedde97aac79724074c5 (master)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=00eb646ea43410e5df77fed96f4a981e66811796 (REL_18_1)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=e2fb3dfa817fbe89494a62c100e9cb442f4d6b15 (REL_17_7)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=2393d374ae9c0bc8327adc80fe4490edb05be167 (REL_15_15)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=8a2530ebcdef1aafa08ad1d019aec298dcebb952 (REL_13_23)

EPSS

Процентиль: 6%
0.00035
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-12817

CVSS3: 3.1
ubuntu
7 дней назад

[Check for CREATE privileges on the schema in CREATE STATISTICS]

nvd логотип

CVE-2025-12817

CVSS3: 3.1
nvd
6 дней назад

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

msrc логотип

CVE-2025-12817

CVSS3: 3.1
msrc
5 дней назад

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

github логотип

GHSA-99qj-9hw7-85x8

CVSS3: 3.1
github
6 дней назад

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

fstec логотип

BDU:2025-14083

CVSS3: 3.1
fstec
7 дней назад

Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 6%
0.00035
Низкий