
CVE-2020-14349

Published: 17 August 2020

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw, in an attack similar to CVE-2018-1058, to execute arbitrary SQL commands in the context of the user used for replication.

Priority: Medium

CVSS 3 base score: 7.1

Status

Package Release Status

postgresql-10 (Launchpad, Ubuntu, Debian)
  bionic    Released (10.14-0ubuntu0.18.04.1)
  focal     Does not exist
  precise   Does not exist
  trusty    Does not exist
  upstream  Released (10.14)
  xenial    Does not exist

postgresql-12 (Launchpad, Ubuntu, Debian)
  bionic    Does not exist
  focal     Released (12.4-0ubuntu0.20.04.1)
  precise   Does not exist
  trusty    Does not exist
  upstream  Released (12.4-1)
  xenial    Does not exist

postgresql-9.1 (Launchpad, Ubuntu, Debian)
  bionic    Does not exist
  focal     Does not exist
  precise   Not vulnerable (code not present)
  trusty    Does not exist
  upstream  Needs triage
  xenial    Does not exist

postgresql-9.3 (Launchpad, Ubuntu, Debian)
  bionic    Does not exist
  focal     Does not exist
  precise   Does not exist
  trusty    Not vulnerable (code not present)
  upstream  Needs triage
  xenial    Does not exist

postgresql-9.5 (Launchpad, Ubuntu, Debian)
  bionic    Does not exist
  focal     Does not exist
  precise   Does not exist
  trusty    Does not exist
  upstream  Released (9.5.23)
  xenial    Not vulnerable (code not present)