IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
References
Link Providers
https://access.redhat.com/errata/RHSA-2023:7545 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7579 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7580 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7581 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7616 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7656 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7666 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7694 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7695 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7714 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7770 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7772 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7784 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7785 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7883 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7884 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7885 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0304 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0332 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0337 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-39417 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2228111 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-39417 cve-icon
https://security.netapp.com/advisory/ntap-20230915-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-39417 cve-icon
https://www.debian.org/security/2023/dsa-5553 cve-icon
https://www.debian.org/security/2023/dsa-5554 cve-icon
https://www.postgresql.org/support/security/CVE-2023-39417 cve-icon cve-icon cve-icon
History
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-08-11T12:19:15.108Z

Updated: 2024-12-23T05:37:46.065Z

Reserved: 2023-08-01T09:31:02.842Z

Link: CVE-2023-39417

cve-icon Vulnrichment

Updated: 2024-08-02T18:10:20.829Z

cve-icon NVD

Status : Modified

Published: 2023-08-11T13:15:09.870

Modified: 2024-11-21T08:15:22.817

Link: CVE-2023-39417

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-10T00:00:00Z

Links: CVE-2023-39417 - Bugzilla