// For flags

CVE-2023-39417

Postgresql: extension script @substitutions@ within quoting allow sql injection

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

EN EL SCRIPT DE EXTENSIÓN, se encontró una vulnerabilidad de inyección SQL en PostgreSQL si usa @extowner@, @extschema@ o @extschema:...@ dentro de una construcción de cotización (cotización en dólares, '' o ""). Si un administrador ha instalado archivos de una extensión vulnerable, de confianza y no empaquetada, un atacante con privilegios CREATE de nivel de base de datos puede ejecutar código arbitrario como superusuario de arranque.

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-08-01 CVE Reserved
  • 2023-08-11 CVE Published
  • 2024-12-23 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (28)
URL Tag Source
https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html Mailing List
https://security.netapp.com/advisory/ntap-20230915-0002 Third Party Advisory
https://www.debian.org/security/2023/dsa-5553 Third Party Advisory
https://www.debian.org/security/2023/dsa-5554 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://access.redhat.com/errata/RHSA-2023:7545 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7579 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7580 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7581 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7616 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7656 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7666 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7667 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7694 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7695 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7714 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7770 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7772 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7784 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7785 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7883 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7884 2024-02-16
https://access.redhat.com/errata/RHSA-2023:7885 2024-02-16
https://access.redhat.com/errata/RHSA-2024:0304 2024-02-16
https://access.redhat.com/errata/RHSA-2024:0332 2024-02-16
https://access.redhat.com/errata/RHSA-2024:0337 2024-02-16
https://access.redhat.com/security/cve/CVE-2023-39417 2024-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=2228111 2024-01-22
https://www.postgresql.org/support/security/CVE-2023-39417 2024-02-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 11.0 < 11.21
Search vendor "Postgresql" for product "Postgresql" and version " >= 11.0 < 11.21"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 12.0 < 12.16
Search vendor "Postgresql" for product "Postgresql" and version " >= 12.0 < 12.16"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 13.0 < 13.12
Search vendor "Postgresql" for product "Postgresql" and version " >= 13.0 < 13.12"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 14.0 < 14.9
Search vendor "Postgresql" for product "Postgresql" and version " >= 14.0 < 14.9"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 15.0 < 15.4
Search vendor "Postgresql" for product "Postgresql" and version " >= 15.0 < 15.4"
-
Affected
Redhat
Search vendor "Redhat"
 Software Collections
Search vendor "Redhat" for product "Software Collections"
--
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 9.0
Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 12.0
Search vendor "Debian" for product "Debian Linux" and version "12.0"
-
Affected