CVE-2018-10925

CVE-2018-10925

Name

CVE-2018-10925

Description

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.postgresql.org/about/news/1878/
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925
Third Party Advisory	https://www.debian.org/security/2018/dsa-4269
Third Party Advisory	http://www.securityfocus.com/bid/105052
Third Party Advisory	http://www.securitytracker.com/id/1041446
Third Party Advisory	https://usn.ubuntu.com/3744-1/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2511
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2565
GENTOO	https://security.gentoo.org/glsa/201810-08
REDHAT	https://access.redhat.com/errata/RHSA-2018:3816
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Type

URI

Vendor Advisory

https://www.postgresql.org/about/news/1878/

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925

Third Party Advisory

https://www.debian.org/security/2018/dsa-4269

Third Party Advisory

http://www.securityfocus.com/bid/105052

Third Party Advisory

http://www.securitytracker.com/id/1041446

Third Party Advisory

https://usn.ubuntu.com/3744-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2511

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2565

GENTOO

https://security.gentoo.org/glsa/201810-08

REDHAT

https://access.redhat.com/errata/RHSA-2018:3816

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`	ubuntu_linux	== None	== 14.04
`cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::`	ubuntu_linux	== None	== 16.04
`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`	ubuntu_linux	== None	== 18.04

CPE URI

Source package

Min version

Max version

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 14.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 16.04

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

ubuntu_linux

== None

== 18.04

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
postgresql15	edge-main	10.5-r0	None	fixed
postgresql15	edge-community	10.5-r0	None	fixed
postgresql15	3.20-main	10.5-r0	None	fixed
postgresql15	3.19-main	10.5-r0	None	fixed
postgresql15	3.18-main	10.5-r0	None	fixed
postgresql15	3.17-main	10.5-r0	None	fixed
postgresql14	edge-main	10.5-r0	None	fixed
postgresql14	edge-community	10.5-r0	None	fixed
postgresql14	3.20-community	10.5-r0	None	fixed
postgresql14	3.19-community	10.5-r0	None	fixed
postgresql14	3.18-main	10.5-r0	None	fixed
postgresql14	3.17-main	10.5-r0	None	fixed
postgresql	edge-main	10.5-r0	None	fixed
postgresql	3.12-main	10.5-r0	None	fixed
postgresql	3.11-main	10.5-r0	None	fixed
postgresql	3.10-main	10.5-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

postgresql15

edge-main

10.5-r0

None

fixed

postgresql15

edge-community