Описание
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are restored by psql due to an improper neutralization of newlines.
Отчет
To exploit this flaw, a malicious PostgreSQL user needs to inject arbitrary code or the SQL injection payload in a database object name. The malicious code will only be executed on the client machine when a user restore the crafted dump file. Due to these reasons, this vulnerability has been rated with an Important severity.
Меры по смягчению последствий
Do not restore a dump file from a server or user you do not explicitly trust.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Affected | ||
| Red Hat Enterprise Linux 8 | postgresql:13/postgresql | Affected | ||
| Red Hat Enterprise Linux 8 | postgresql:15/postgresql | Affected | ||
| Red Hat Enterprise Linux 10 | postgresql16 | Fixed | RHSA-2025:14826 | 28.08.2025 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2025:14899 | 28.08.2025 |
| Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14827 | 28.08.2025 |
| Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14862 | 28.08.2025 |
| Red Hat Enterprise Linux 9 | postgresql | Fixed | RHSA-2025:14878 | 28.08.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Improper neutralization of newlines in pg_dump in PostgreSQL allows a ...
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3