CVE-2017-7548
postgresql: lo_put() function ignores ACLs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
PostgreSQL en sus versiones anteriores a 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que atacantes remotos sin privilegios sobre un gran objeto sobreescriban todo el contenido del objeto. Esto resultaría en una denegación de servicio.
An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-08-10 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100276 | Third Party Advisory | |
http://www.securitytracker.com/id/1039142 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3935 | 2023-05-16 | |
http://www.debian.org/security/2017/dsa-3936 | 2023-05-16 | |
https://access.redhat.com/errata/RHSA-2017:2677 | 2023-05-16 | |
https://access.redhat.com/errata/RHSA-2017:2678 | 2023-05-16 | |
https://security.gentoo.org/glsa/201710-06 | 2023-05-16 | |
https://www.postgresql.org/about/news/1772 | 2023-05-16 | |
https://access.redhat.com/security/cve/CVE-2017-7548 | 2017-09-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1477187 | 2017-09-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.4 < 9.4.13 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.4 < 9.4.13" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.5 < 9.5.8 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.5 < 9.5.8" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 9.6 < 9.6.4 Search vendor "Postgresql" for product "Postgresql" and version " >= 9.6 < 9.6.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|