CVE-2017-7548

Published: 10 Aug 2017
Source: redhat
CVSS3: 5.4
EPSS: Low

Description

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | rh-postgresql94-postgresql | Not affected | | |
| CloudForms Management Engine 5 | rh-postgresql95-postgresql | Not affected | | |
| Red Hat Enterprise Linux 5 | postgresql | Not affected | | |
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | | |
| Red Hat Enterprise Linux 6 | postgresql | Not affected | | |
| Red Hat Enterprise Linux 7 | postgresql | Not affected | | |
| Red Hat Satellite 5 | postgresql92-postgresql | Not affected | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql95-postgresql | Fixed | RHSA-2017:2677 | 12.09.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql94-postgresql | Fixed | RHSA-2017:2678 | 12.09.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-postgresql95-postgresql | Fixed | RHSA-2017:2677 | 12.09.2017 |


Additional information

Status: Moderate
Defect: CWE-862
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1477187 (postgresql: lo_put() function ignores ACLs)

EPSS

Percentile: 75%
0.00927
Low

CVSS3

5.4 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 8 years ago

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

CVSS3: 7.5
nvd
almost 8 years ago

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

CVSS3: 7.5
debian
almost 8 years ago

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to a ...

CVSS3: 7.5
github
about 3 years ago

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

fstec
about 8 years ago

A vulnerability in the PostgreSQL database management system, caused by authorization flaws, that allows an attacker to cause a system failure
