CVE-2024-7348

Name
CVE-2024-7348
Description
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://www.postgresql.org/support/security/CVE-2024-7348/

Match rules

CPE URI Source package Min version Max version
postgresql >= 16 < 16.4
postgresql >= 15 < 15.8
postgresql >= 14 < 14.13
postgresql >= 13 < 13.16
postgresql >= 0 < 12.20

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
postgresql16 edge-main 16.4-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql16 edge-community 16.4-r0 None fixed
postgresql16 3.22-main 16.4-r0 None fixed
postgresql16 3.21-main 16.4-r0 None fixed
postgresql16 3.20-main 16.4-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql16 3.19-main 16.4-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 edge-main 15.8-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 edge-community 15.8-r0 None fixed
postgresql15 3.22-community 15.8-r0 None fixed
postgresql15 3.21-community 15.8-r0 None fixed
postgresql15 3.20-main 15.8-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 3.19-main 15.8-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 3.18-main 15.8-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 3.17-main 15.8-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 edge-community 14.13-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.20-community 14.13-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.18-main 14.13-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.17-main 14.13-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql edge-main 14.1-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
postgresql edge-main 13.4-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
postgresql edge-main 13.3-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
postgresql edge-main 13.2-r0 None possibly vulnerable
postgresql edge-main 12.5-r0 None possibly vulnerable
postgresql edge-main 12.4-r0 None possibly vulnerable
postgresql edge-main 12.2-r0 None possibly vulnerable
postgresql edge-main 11.5-r0 None possibly vulnerable
postgresql edge-main 11.4-r0 None possibly vulnerable
postgresql edge-main 11.3-r0 None possibly vulnerable
postgresql edge-main 11.1-r0 None possibly vulnerable
postgresql edge-main 10.5-r0 None possibly vulnerable
postgresql edge-main 10.4-r0 None possibly vulnerable
postgresql edge-main 10.3-r0 None possibly vulnerable
postgresql edge-main 10.2-r0 None possibly vulnerable
postgresql edge-main 10.1-r0 None possibly vulnerable
postgresql edge-main 9.6.4-r0 None possibly vulnerable
postgresql edge-main 9.6.3-r0 None possibly vulnerable