Description
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to untrusted data inclusion.
Statement
To exploit this flaw, a PostgreSQL user with special privileges needs to inject arbitrary code into a dump file. The malicious code is executed on the client machine only when a user restores the crafted dump file. For these reasons, this vulnerability has been rated with an Important severity. Additionally, pg_restore is affected only when used to generate a plain-format dump.
Mitigation
Do not restore a dump file from a server or user you do not explicitly trust.
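When a plain-format dump has to be reviewed before a restore, a triage pass can list lines that psql would read as meta-commands. The following is an added example, not code from Red Hat or the PostgreSQL project; the `EXPECTED` allow-list, the function name `scan_dump` and the sample dump are assumptions constructed for illustration.

```python
import re

# Assumption: meta-commands the dump tools themselves write into plain-format
# output; adjust this set to what your pg_dump/pg_dumpall version emits.
EXPECTED = {"connect", "restrict", "unrestrict"}

COPY_START = re.compile(r"^COPY\s.+\sFROM\s+stdin\b.*;\s*$", re.IGNORECASE)
META = re.compile(r"^\s*\\([A-Za-z!?]\w*)")


def scan_dump(lines):
    """Return (line_no, text) for lines that begin with an unexpected
    psql meta-command and are not part of a COPY data block."""
    findings = []
    in_copy = False
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if in_copy:
            # COPY data ends at a line holding only "\."; data rows may
            # legitimately start with a backslash (for example "\N").
            if line == "\\.":
                in_copy = False
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        m = META.match(line)
        if m and m.group(1) not in EXPECTED:
            findings.append((no, line))
    return findings


# Constructed sample, not real pg_dump output.
SAMPLE_DUMP = """\
-- constructed sample
\\connect app
CREATE TABLE t (id integer, note text);
COPY public.t (id, note) FROM stdin;
1\t\\N
\\N\tplain row starting with a backslash
\\.
\\! echo constructed-marker
SELECT pg_catalog.setval('t_id_seq', 1, true);
""".splitlines()

if __name__ == "__main__":
    for no, text in scan_dump(SAMPLE_DUMP):
        print(f"line {no}: unexpected meta-command: {text}")
```

The scan only looks at the start of each line and does not parse SQL quoting, so an empty result is a triage signal rather than proof that the dump is safe to restore; the mitigation above still applies.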
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | | |
| Red Hat Enterprise Linux 10 | postgresql16 | Fixed | RHSA-2025:14826 | 28.08.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | postgresql | Fixed | RHSA-2025:16099 | 17.09.2025 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:14899 | 28.08.2025 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:15021 | 02.09.2025 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:15022 | 02.09.2025 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:15115 | 03.09.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | postgresql | Fixed | RHSA-2025:15361 | 04.09.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2025:15034 | 02.09.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2025:15057 | 02.09.2025 |
Additional information
CVSS3: 8.8 High
Related vulnerabilities
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client