Description
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to untrusted data inclusion.
Statement
To exploit this flaw, a PostgreSQL user with special privileges needs to inject arbitrary code in a dump file. The malicious code will only be executed on the client machine when a user restores the crafted dump file. Due to these reasons, this vulnerability has been rated with an Important severity. Additionally, pg_restore is affected only when used to generate a plain-format dump.
Mitigation
Do not restore a dump file from a server or user you do not explicitly trust.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | postgresql | Out of support scope | | |
Red Hat Enterprise Linux 7 | postgresql | Affected | | |
Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Affected | | |
Red Hat Enterprise Linux 8 | postgresql:13/postgresql | Affected | | |
Red Hat Enterprise Linux 8 | postgresql:15/postgresql | Affected | | |
Red Hat Enterprise Linux 10 | postgresql16 | Fixed | RHSA-2025:14826 | 28.08.2025 |
Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:14899 | 28.08.2025 |
Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14827 | 28.08.2025 |
Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14862 | 28.08.2025 |
Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14878 | 28.08.2025 |
Additional information
CVSS3: 8.8 High
Related vulnerabilities
Vulnerability in the pg_dump utility of the PostgreSQL database management system that allows an attacker to execute arbitrary code