CVE-2023-39417 — HIGH (7.5)

Q: How severe is CVE-2023-39417?

CVE-2023-39417 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-39417?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Software Collections, Redhat Enterprise Linux, Debian Debian Linux.

Vulnerability Description

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	>= 11.0, < 11.21
Redhat	Software Collections	-
Redhat	Enterprise Linux	8.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-89

References

https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7785Third Party Advisory

FAQ

What is CVE-2023-39417?

CVE-2023-39417 is a vulnerability with a CVSS score of 7.5 (HIGH). IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an admi...

How severe is CVE-2023-39417?

CVE-2023-39417 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39417?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Software Collections, Redhat Enterprise Linux, Debian Debian Linux.