ID CVE-2018-10925
Summary It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
References
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.5.13:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:10.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:10.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:10.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:10.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:10.4:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 24-02-2023 - 18:38)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2018:2511
  • rhsa
    id RHSA-2018:2565
  • rhsa
    id RHSA-2018:2566
  • rhsa
    id RHSA-2018:3816
rpms
  • rh-postgresql95-postgresql-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-contrib-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-debuginfo-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-devel-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-devel-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-docs-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-docs-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-libs-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-libs-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-plperl-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-plperl-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-plpython-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-plpython-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-pltcl-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-server-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-server-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-static-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-static-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-test-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-test-0:9.5.14-1.el7
  • rh-postgresql10-postgresql-0:10.5-1.el7
  • rh-postgresql10-postgresql-contrib-0:10.5-1.el7
  • rh-postgresql10-postgresql-contrib-syspaths-0:10.5-1.el7
  • rh-postgresql10-postgresql-debuginfo-0:10.5-1.el7
  • rh-postgresql10-postgresql-devel-0:10.5-1.el7
  • rh-postgresql10-postgresql-docs-0:10.5-1.el7
  • rh-postgresql10-postgresql-libs-0:10.5-1.el7
  • rh-postgresql10-postgresql-plperl-0:10.5-1.el7
  • rh-postgresql10-postgresql-plpython-0:10.5-1.el7
  • rh-postgresql10-postgresql-pltcl-0:10.5-1.el7
  • rh-postgresql10-postgresql-server-0:10.5-1.el7
  • rh-postgresql10-postgresql-server-syspaths-0:10.5-1.el7
  • rh-postgresql10-postgresql-static-0:10.5-1.el7
  • rh-postgresql10-postgresql-syspaths-0:10.5-1.el7
  • rh-postgresql10-postgresql-test-0:10.5-1.el7
  • rh-postgresql96-postgresql-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-contrib-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-contrib-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-contrib-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-contrib-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-debuginfo-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-debuginfo-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-devel-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-devel-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-docs-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-docs-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-libs-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-libs-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-plperl-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-plperl-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-plpython-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-plpython-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-pltcl-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-pltcl-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-server-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-server-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-server-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-server-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-static-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-static-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-test-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-test-0:9.6.10-1.el7
  • cfme-0:5.9.6.5-3.el7cf
  • cfme-amazon-smartstate-0:5.9.6.5-2.el7cf
  • cfme-appliance-0:5.9.6.5-1.el7cf
  • cfme-appliance-common-0:5.9.6.5-1.el7cf
  • cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf
  • cfme-appliance-tools-0:5.9.6.5-1.el7cf
  • cfme-debuginfo-0:5.9.6.5-3.el7cf
  • cfme-gemset-0:5.9.6.5-2.el7cf
  • cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf
  • dbus-api-service-0:1.0.1-3.1.el7cf
  • httpd-configmap-generator-0:0.2.2-1.2.el7cf
  • postgresql96-0:9.6.10-1PGDG.el7at
  • postgresql96-contrib-0:9.6.10-1PGDG.el7at
  • postgresql96-debuginfo-0:9.6.10-1PGDG.el7at
  • postgresql96-devel-0:9.6.10-1PGDG.el7at
  • postgresql96-docs-0:9.6.10-1PGDG.el7at
  • postgresql96-libs-0:9.6.10-1PGDG.el7at
  • postgresql96-plperl-0:9.6.10-1PGDG.el7at
  • postgresql96-plpython-0:9.6.10-1PGDG.el7at
  • postgresql96-pltcl-0:9.6.10-1PGDG.el7at
  • postgresql96-server-0:9.6.10-1PGDG.el7at
  • postgresql96-test-0:9.6.10-1PGDG.el7at
refmap via4
bid 105052
confirm
debian DSA-4269
gentoo GLSA-201810-08
sectrack 1041446
suse openSUSE-SU-2020:1227
ubuntu USN-3744-1
Last major update 24-02-2023 - 18:38
Published 09-08-2018 - 21:29
Last modified 24-02-2023 - 18:38
Back to Top