Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-12817

Опубликовано: 13 нояб. 2025
Источник: ubuntu
Приоритет: medium
CVSS3: 3.1

Описание

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

needs-triage

jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

needs-triage

jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

jammy

released

14.20-0ubuntu0.22.04.1
noble

DNE

plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

jammy

DNE

noble

released

16.11-0ubuntu0.24.04.1
plucky

DNE

questing

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

deferred

2026-01-05
jammy

DNE

noble

DNE

plucky

released

17.7-0ubuntu0.25.04.1
questing

released

17.7-0ubuntu0.25.10.1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

released

18.1-1ubuntu1
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

released

18.1

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

deferred

2019-08-23
jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

ignored

end of life

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/xenial

needs-triage

jammy

DNE

noble

DNE

plucky

DNE

questing

DNE

upstream

ignored

end of life

Показывать по

Ссылки на источники

3.1 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-12817

CVSS3: 3.1
nvd
3 месяца назад

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

msrc логотип

CVE-2025-12817

CVSS3: 3.1
msrc
3 месяца назад

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

debian логотип

CVE-2025-12817

CVSS3: 3.1
debian
3 месяца назад

Missing authorization in PostgreSQL CREATE STATISTICS command allows a ...

github логотип

GHSA-99qj-9hw7-85x8

CVSS3: 3.1
github
3 месяца назад

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

fstec логотип

BDU:2025-14083

CVSS3: 3.1
fstec
3 месяца назад

Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании

3.1 Low

CVSS3