CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.postgresql.org/support/security/CVE-2024-7348/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

History

12 Aug 2024, 15:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:postgresql:postgresql::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Postgresql Postgresql postgresql
References	~~() https://www.postgresql.org/support/security/CVE-2024-7348/ -~~	() https://www.postgresql.org/support/security/CVE-2024-7348/ - Vendor Advisory
CWE		CWE-367

08 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-08 13:15

Updated : 2024-08-12 15:54

NVD link : CVE-2024-7348

Mitre link : CVE-2024-7348

JSON object : View

Products Affected

postgresql

postgresql

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.postgresql.org/support/security/CVE-2024-7348/", "name": "https://www.postgresql.org/support/security/CVE-2024-7348/", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-367"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-7348", "ASSIGNER": "cna@postgresql.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}}, "publishedDate": "2024-08-08T13:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.4", "versionStartIncluding": "16.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.8", "versionStartIncluding": "15.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.13", "versionStartIncluding": "14.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "13.16", "versionStartIncluding": "13.0"}, {"cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.20", "versionStartIncluding": "12.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-08-12T15:54Z"}