Tom Lane

Nome do software vulnerável e versões afetadas: Versões do PostgreSQL anteriores à 17.1 Versões do PostgreSQL anteriores à 16.5 Versões do PostgreSQL anteriores à 15.9 Versões do PostgreSQL anteriores à 14.14 Versões do PostgreSQL anteriores à 13.17 Versões do PostgreSQL anteriores à 12.21 Descrição: O problema decorre de uma atribuição incorreta de privilégios, permitindo que um usuário de aplicativo com menos privilégios visualize ou altere linhas diferentes daquelas pretendidas. Um ataque requer que o aplicativo utilize SET ROLE, SET SESSION AUTHORIZATION ou um recurso equivalente. O problema ocorre quando uma consulta do aplicativo utiliza parâmetros do invasor ou transmite resultados da consulta ao invasor, e reage a `current setting(‘role’)` ou ao ID do usuário atual. Isso pode fazer com que a consulta modifique ou retorne dados como se a sessão não tivesse usado SET ROLE ou SET SESSION AUTHORIZATION. O invasor não controla qual ID de usuário incorreta é aplicada. Recomendações: Para versões anteriores à 17.1, atualize para o PostgreSQL 17.1 ou posterior. Para versões anteriores à 16.5, atualize para o PostgreSQL 16.5 ou posterior. Para versões anteriores à 15.9, atualize para o PostgreSQL 15.9 ou posterior. Para versões anteriores à 14.14, atualize para o PostgreSQL 14.14 ou posterior. Para versões anteriores à 13.17, atualize para o PostgreSQL 13.17 ou posterior. Para versões anteriores à 12.21, atualize para o PostgreSQL 12.21 ou posterior. Como solução temporária, considere restringir o uso dos recursos SET ROLE e SET SESSION AUTHORIZATION até que um patch esteja disponível. Evite usar parâmetros de fontes não confiáveis no aplicativo

**Nome do software vulnerável e versões afetadas** Versões do PostgreSQL anteriores à 13.3 Versões do PostgreSQL anteriores à 12.7 Versões do PostgreSQL anteriores à 11.12 Versões do PostgreSQL anteriores à 10.17 Versões do PostgreSQL anteriores à 9.6.22 **Descrição** Foi encontrada uma falha no PostgreSQL que permite que usuários autenticados do banco de dados gravem bytes arbitrários em uma ampla área da memória do servidor devido à ausência de verificações de limites durante a modificação de determinados valores de matriz SQL. Esse problema representa uma ameaça à confidencialidade e integridade dos dados, bem como à disponibilidade do sistema. A vulnerabilidade pode ser explorada por um invasor remoto usando consultas SQL especialmente criadas, permitindo potencialmente a execução de código arbitrário. **Recomendações** Para versões anteriores à 13.3, atualize para a versão 13.3 ou posterior. Para versões anteriores à 12.7, atualize para a versão 12.7 ou posterior. Para versões anteriores à 11.12, atualize para a versão 11.12 ou posterior. Para versões anteriores à 10.17, atualize para a versão 10.17 ou posterior. Para versões anteriores à 9.6.22, atualize para a versão 9.6.22 ou posterior.

**Nome do software vulnerável e versões afetadas** PostgreSQL (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma falha na implementação do comando UPDATE ... RETURNING no sistema de gerenciamento de banco de dados PostgreSQL, associada a erros na liberação de memória. Isso pode permitir que um invasor remoto obtenha acesso não autorizado a informações protegidas. Um usuário autenticado do banco de dados poderia ler bytes arbitrários da memória do servidor usando o comando UPDATE ... RETURNING em uma tabela criada propositalmente, representando uma ameaça à confidencialidade dos dados. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do PostgreSQL anteriores à 12.2 Versões do PostgreSQL anteriores à 11.7 Versões do PostgreSQL anteriores à 10.12 Versões do PostgreSQL anteriores à 9.6.17 **Descrição** Foi encontrada uma falha no comando “ALTER ... DEPENDS ON EXTENSION” do PostgreSQL, na qual os subcomandos não realizavam verificações de autorização. Um invasor autenticado poderia usar essa falha em determinadas configurações para excluir objetos, como funções, gatilhos e outros, levando à corrupção do banco de dados. **Recomendações** Para versões anteriores à 12.2, atualize para a versão 12.2 ou posterior. Para versões anteriores à 11.7, atualize para a versão 11.7 ou posterior. Para versões anteriores à 10.12, atualize para a versão 10.12 ou posterior. Para versões anteriores à 9.6.17, atualize para a versão 9.6.17 ou posterior.

**Name of the Vulnerable Software and Affected Versions** postgresql versions 9.4.x before 9.4.24 postgresql versions 9.5.x before 9.5.19 postgresql versions 9.6.x before 9.6.15 postgresql versions 10.x before 10.10 postgresql versions 11.x before 11.5 **Description** A flaw in postgresql allows arbitrary SQL statements to be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function. The vulnerability is related to the lack of protection of the SQL query structure in the SECURITY DEFINER function of the PostgreSQL database management system. Exploitation of the vulnerability can allow a remote attacker to execute arbitrary SQL commands. **Recommendations** For postgresql versions 9.4.x before 9.4.24, update to version 9.4.24 or later. For postgresql versions 9.5.x before 9.5.19, update to version 9.5.19 or later. For postgresql versions 9.6.x before 9.6.15, update to version 9.6.15 or later. For postgresql versions 10.x before 10.10, update to version 10.10 or later. For postgresql versions 11.x before 11.5, update to version 11.5 or later. As a temporary workaround, consider restricting EXECUTE permission on SECURITY DEFINER functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 9.3.x through 9.3.20 PostgreSQL versions 9.4.x through 9.4.15 PostgreSQL versions 9.5.x through 9.5.10 PostgreSQL versions 9.6.x through 9.6.6 PostgreSQL versions 10.x through 10.1 **Description** The issue is related to the implementation of the `pg upgrade` command in the PostgreSQL database management system. It involves errors when creating temporary files in the current working directory. Exploitation of this issue could allow an attacker to access arbitrary files. Specifically, `pg upgrade` creates a file containing the output of `pg dumpall -g` under the umask in effect when the user invoked `pg upgrade`, rather than the normally used 0077 for other temporary files. This could enable an authenticated attacker to read or modify the file, potentially accessing encrypted or unencrypted database passwords. The attack is more difficult if the directory mode prevents the attacker from searching the current working directory or if the prevailing umask blocks the attacker from opening the file. **Recommendations** For PostgreSQL versions 9.3.x through 9.3.20, update to version 9.3.21 or later. For PostgreSQL versions 9.4.x through 9.4.15, update to version 9.4.16 or later. For PostgreSQL versions 9.5.x through 9.5.10, update to version 9.5.11 or later. For PostgreSQL versions 9.6.x through 9.6.6, update to version 9.6.7 or later. For PostgreSQL versions 10.x through 10.1, update to version 10.2 or later.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.1.23 PostgreSQL versions 9.2.x prior to 9.2.18 PostgreSQL versions 9.3.x prior to 9.3.14 PostgreSQL versions 9.4.x prior to 9.4.9 PostgreSQL versions 9.5.x prior to 9.5.4 **Description** The issue allows remote authenticated users to cause a denial of service, obtain sensitive memory information, or possibly execute arbitrary code. This can be achieved through a CASE expression within the test value subexpression of another CASE or inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. Certain nested CASE/WHEN expressions can also crash the server. **Recommendations** For PostgreSQL versions prior to 9.1.23, update to version 9.1.23 or later. For PostgreSQL versions 9.2.x prior to 9.2.18, update to version 9.2.18 or later. For PostgreSQL versions 9.3.x prior to 9.3.14, update to version 9.3.14 or later. For PostgreSQL versions 9.4.x prior to 9.4.9, update to version 9.4.9 or later. For PostgreSQL versions 9.5.x prior to 9.5.4, update to version 9.5.4 or later. As a temporary workaround, consider avoiding the use of nested CASE/WHEN expressions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.1.20 PostgreSQL versions 9.2.x prior to 9.2.15 PostgreSQL versions 9.3.x prior to 9.3.11 PostgreSQL versions 9.4.x prior to 9.4.6 PostgreSQL versions 9.5.x prior to 9.5.1 **Description** The issue allows remote attackers to cause a denial of service, potentially resulting in an infinite loop or buffer overflow and crash, via a large Unicode character range in a regular expression. This can be exploited by an attacker to disrupt service. The problem is caused by an unchecked regex that can crash the server. **Recommendations** For PostgreSQL versions prior to 9.1.20, update to version 9.1.20 or later. For PostgreSQL versions 9.2.x prior to 9.2.15, update to version 9.2.15 or later. For PostgreSQL versions 9.3.x prior to 9.3.11, update to version 9.3.11 or later. For PostgreSQL versions 9.4.x prior to 9.4.6, update to version 9.4.6 or later. For PostgreSQL versions 9.5.x prior to 9.5.1, update to version 9.5.1 or later. As a temporary workaround, consider restricting the use of regular expressions containing large Unicode character ranges until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.0.19 PostgreSQL versions 9.1.x prior to 9.1.15 PostgreSQL versions 9.2.x prior to 9.2.10 PostgreSQL versions 9.3.x prior to 9.3.6 PostgreSQL versions 9.4.x prior to 9.4.1 **Description** A stack-based buffer overflow in the *printf function implementations in PostgreSQL, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the `to char` function. **Recommendations** For PostgreSQL versions prior to 9.0.19, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x prior to 9.1.15, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x prior to 9.2.10, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x prior to 9.3.6, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x prior to 9.4.1, update to version 9.4.1 or later. As a temporary workaround, consider restricting the use of the `to char` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.7.8 and earlier **Description** The issue is related to the Magick png malloc function in coders/png.c, which does not use the proper variable type for the allocation size. This might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. **Recommendations** For ImageMagick versions 6.7.8 and earlier, update to a version that fixes the issue with the Magick png malloc function to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 6.7.8-6 **Description** The issue is related to the `Magick png malloc` function in `coders/png.c`, which does not use the proper variable type for the allocation size. This might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. **Recommendations** For GraphicsMagick version 6.7.8-6, consider updating to a newer version that addresses this issue, as the current version may be prone to denial of service attacks due to incorrect memory allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 4.0.2 tiff package versions prior to 4.0.2-r1 in Gentoo Linux **Description** The issue allows remote attackers to cause problems with the confidentiality, integrity, and availability of protected information via a crafted file. This can lead to a denial of service, such as an application crash, due to improper handling of certain tags during TIFF file processing. **Recommendations** For LibTIFF versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. For tiff package versions prior to 4.0.2-r1 in Gentoo Linux, update to version 4.0.2-r1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 3.9.0 through 3.9.4 tiff versions prior to 4.0.2-r1 **Description** The issue concerns multiple vulnerabilities in the LibTIFF package, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The OJPEGPostDecode function in tif ojpeg.c is specifically mentioned as allowing remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." **Recommendations** For LibTIFF versions 3.9.0 through 3.9.4, update to a version later than 3.9.4 to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to TIFF images from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.1.x through 4.1.19 MySQL versions 5.0.x through 5.0.21 **Description** A SQL injection issue allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK. The issue arises because these character sets are not properly handled when the `mysql real escape` function is used to escape the input. **Recommendations** For MySQL versions 4.1.x through 4.1.19, update to version 4.1.20 or later. For MySQL versions 5.0.x through 5.0.21, update to version 5.0.22 or later.

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.3.x through 8.0.x Description: The issue allows unprivileged users to call certain character conversion functions with malicious values, potentially causing at least a denial of service. A valid login is required to exploit this issue. The character conversion functions are not designed to be safe against malicious arguments. Recommendations: For versions 7.3.x through 8.0.x, follow the special upgrade instructions provided in the announcement to resolve the issue. As a temporary workaround, consider restricting access to the character conversion functions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.4 through 8.0.x Description: The issue is related to the tsearch2 module, which declares certain functions as "internal" even when they do not take an internal argument. This allows attackers to cause a denial of service, potentially leading to an application crash, and may have other impacts via SQL commands that call other functions that accept internal arguments. A valid login is required to exploit this issue. Recommendations: For PostgreSQL versions 7.4 through 8.0.x, follow the special upgrade instructions provided in the announcement to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.0.0 and earlier **Description** The issue allows attackers to cause a denial of service, resulting in a crash, by utilizing crafted arrays. A valid login is required to exploit this issue. **Recommendations** For versions 8.0.0 and earlier, consider disabling the intagg contrib module as a temporary workaround until a patch is available. Restrict access to the module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.0.0 and earlier **Description** The issue allows local users to bypass the EXECUTE permission check for functions. This is achieved by using the CREATE AGGREGATE command. A valid login is required to exploit this issue. EXECUTE permissions are not properly checked when creating aggregates. **Recommendations** For PostgreSQL versions 8.0.0 and earlier, consider restricting the use of the CREATE AGGREGATE command until a proper fix is applied to ensure that EXECUTE permissions are properly checked. As a temporary workaround, review and limit the creation of aggregates to authorized users only.