Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
History

Tue, 29 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Wed, 11 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_tus:8.6

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_tus:8.4
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Wed, 28 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Wed, 28 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Fri, 23 Aug 2024 08:30:00 +0000

Type Values Removed Values Added
References

Tue, 13 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 09 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Postgresql
Postgresql postgresql
CPEs cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Vendors & Products Postgresql
Postgresql postgresql
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 09 Aug 2024 05:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 08 Aug 2024 13:15:00 +0000

Type Values Removed Values Added
Description Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Title PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Weaknesses CWE-367
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2024-08-08T13:00:02.130Z

Updated: 2024-08-22T18:03:18.699Z

Reserved: 2024-07-31T18:33:23.341Z

Link: CVE-2024-7348

cve-icon Vulnrichment

Updated: 2024-08-22T18:03:18.699Z

cve-icon NVD

Status : Modified

Published: 2024-08-08T13:15:14.007

Modified: 2024-11-21T09:51:20.720

Link: CVE-2024-7348

cve-icon Redhat

Severity : Important

Publid Date: 2024-08-08T00:00:00Z

Links: CVE-2024-7348 - Bugzilla