CVE-2023-5869 – Postgresql: buffer overrun from integer overflow in array modification
https://notcve.org/view.php?id=CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-190: Integer Overflow or Wraparound •
CVE-2022-2625 – postgresql: Extension scripts replace objects not belonging to the extension.
https://notcve.org/view.php?id=CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. Se ha encontrado una vulnerabilidad en PostgreSQL. Este ataque requiere permiso para crear objetos no temporales en al menos un esquema, la capacidad de atraer o esperar que un administrador cree o actualice una extensión afectada en ese esquema, y la capacidad de atraer o esperar que una víctima utilice el objeto objetivo en CREATE OR REPLACE o CREATE IF NOT EXISTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2113825 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496 https://access.redhat.com/security/cve/CVE-2022-2625 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2021-23214 – postgresql: server processes unencrypted bytes from man-in-the-middle
https://notcve.org/view.php?id=CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Cuando el servidor está configurado para usar la autenticación confiable con un requisito de clientcert o para usar la autenticación de cert, un atacante de tipo man-in-the-middle puede inyectar consultas SQL arbitrarias cuando es establecida una conexión por primera vez, a pesar del uso de la verificación y el cifrado del certificado SSL It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands. • https://bugzilla.redhat.com/show_bug.cgi?id=2022666 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951 https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/support/security/CVE-2021-23214 https://access.redhat.com/security/cve/CVE-2021-23214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-3677 – postgresql: memory disclosure in certain queries
https://notcve.org/view.php?id=CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. • https://bugzilla.redhat.com/show_bug.cgi?id=2001857 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20220407-0008 https://www.postgresql.org/support/security/CVE-2021-3677 https://access.redhat.com/security/cve/CVE-2021-3677 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-32027 – postgresql: Buffer overrun from integer overflow in array subscripting calculations
https://notcve.org/view.php?id=CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en postgresql en las versiones anteriores a 13.3, versiones anteriores a 12.7, versiones anteriores a 11.12, versiones anteriores a 10.17 y versiones anteriores a 9.6.22. Cuando se modifican determinados valores de matrices SQL, una falta de comprobación de límites permite a usuarios autentificados de la base de datos escribir bytes arbitrarios en una amplia zona de la memoria del servidor. • https://bugzilla.redhat.com/show_bug.cgi?id=1956876 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20210713-0004 https://www.postgresql.org/support/security/CVE-2021-32027 https://access.redhat.com/security/cve/CVE-2021-32027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •