PT-2017-2778 · Postgresql+2

Published: 2017-05-04 · Updated: 2026-01-30 · CVE-2017-7548

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 9.4.13
PostgreSQL versions prior to 9.5.8
PostgreSQL versions prior to 9.6.4

Description

The issue is caused by a flaw in the authorization procedure that allows remote authenticated attackers with no privileges on a large object to overwrite its entire contents. This results in a denial of service. The lo_put() function is specifically named as ignoring ACLs, which contributes to the vulnerability.

Recommendations

For versions prior to 9.4.13, update to version 9.4.13 or later. For versions prior to 9.5.8, update to version 9.5.8 or later. For versions prior to 9.6.4, update to version 9.6.4 or later. As a temporary workaround, consider restricting access to the lo_put() function until a patch is available.

Fix

DoS

Improper Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2017-02036
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2017-7548
DSA-3935-1
DSA-3936-1
MGASA-2017-0316
OPENSUSE-SU-2017_2306-1
OPENSUSE-SU-2017_2391-1
OPENSUSE-SU-2017_2392-1
OPENSUSE-SU-2018_0529-1
RHSA-2017:2677
RHSA-2017:2678
SUSE-SU-2017:2236-1
SUSE-SU-2017:2258-1
SUSE-SU-2017:2355-1
SUSE-SU-2017:2356-1
USN-3390-1

Affected Products

Postgresql
Suse
Ubuntu