cnvd - cnvd-2022-86393

cnvd-2022-86393

Vulnerability from cnvd

Title

PostgreSQL JDBC Drive信息泄露漏洞

Description

PostgreSQL JDBC Driver是一个用Pure Java(Type 4)编写的开源JDBC驱动程序，用于PostgreSQL本地网络协议中进行通信。 PostgreSQL JDBC Driver存在信息泄露漏洞。该漏洞源于输入流大于2k，则使用 PreparedStatement.setText(int，InputStream)或 PreparedStatemet.setBytea(int，InputStream)的预处理语句将创建一个临时文件。攻击者可利用漏洞获取敏感信息。

Severity

中

Patch Name

PostgreSQL JDBC Drive信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5

Reference

https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5

Impacted products

Name
['Postgresql postgresql_jdbc_driver >=42.2.0，<42.2.27', 'Postgresql postgresql_jdbc_driver >=42.3.0，<42.3.8', 'Postgresql postgresql_jdbc_driver >=42.4.0，<42.4.3', 'Postgresql postgresql_jdbc_driver 42.5.0', 'Postgresql postgresql_jdbc_driver 42.5.0 rc1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41946",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41946"
    }
  },
  "description": "PostgreSQL JDBC Driver\u662f\u4e00\u4e2a\u7528Pure Java(Type 4)\u7f16\u5199\u7684\u5f00\u6e90JDBC\u9a71\u52a8\u7a0b\u5e8f\uff0c\u7528\u4e8ePostgreSQL\u672c\u5730\u7f51\u7edc\u534f\u8bae\u4e2d\u8fdb\u884c\u901a\u4fe1\u3002\n\nPostgreSQL JDBC Driver\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u6d41\u5927\u4e8e2k\uff0c\u5219\u4f7f\u7528 PreparedStatement.setText(int\uff0cInputStream)\u6216 PreparedStatemet.setBytea(int\uff0cInputStream)\u7684\u9884\u5904\u7406\u8bed\u53e5\u5c06\u521b\u5efa\u4e00\u4e2a\u4e34\u65f6\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-86393",
  "openTime": "2022-12-06",
  "patchDescription": "PostgreSQL JDBC Driver\u662f\u4e00\u4e2a\u7528Pure Java(Type 4)\u7f16\u5199\u7684\u5f00\u6e90JDBC\u9a71\u52a8\u7a0b\u5e8f\uff0c\u7528\u4e8ePostgreSQL\u672c\u5730\u7f51\u7edc\u534f\u8bae\u4e2d\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nPostgreSQL JDBC Driver\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u6d41\u5927\u4e8e2k\uff0c\u5219\u4f7f\u7528 PreparedStatement.setText(int\uff0cInputStream)\u6216 PreparedStatemet.setBytea(int\uff0cInputStream)\u7684\u9884\u5904\u7406\u8bed\u53e5\u5c06\u521b\u5efa\u4e00\u4e2a\u4e34\u65f6\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PostgreSQL JDBC Drive\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Postgresql postgresql_jdbc_driver \u003e=42.2.0\uff0c\u003c42.2.27",
      "Postgresql postgresql_jdbc_driver \u003e=42.3.0\uff0c\u003c42.3.8",
      "Postgresql postgresql_jdbc_driver \u003e=42.4.0\uff0c\u003c42.4.3",
      "Postgresql postgresql_jdbc_driver 42.5.0",
      "Postgresql postgresql_jdbc_driver 42.5.0 rc1"
    ]
  },
  "referenceLink": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5",
  "serverity": "\u4e2d",
  "submitTime": "2022-11-25",
  "title": "PostgreSQL JDBC Drive\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2022-41946 (GCVE-0-2022-41946)

Vulnerability from cvelistv5

Published

2022-11-23 00:00

Modified

2024-08-03 12:56

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-377 - Insecure Temporary File

Summary

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.

References

URL

Tags

	https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
	https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5
	https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240329-0003/