PT-2018-2663 · Postgresql+3
Sam Fowler · Published 2018-08-09 · Updated 2024-06-15 · CVE-2018-10925
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 10.5
PostgreSQL versions prior to 9.6.10
PostgreSQL versions prior to 9.5.14
PostgreSQL versions prior to 9.4.19
PostgreSQL versions prior to 9.3.24
Description
The issue stems from errors in authorization within the PostgreSQL database management system and allows a remote attacker to potentially elevate their privileges. Specifically, the vulnerability involves improper authorization checks on certain statements, such as INSERT ... ON CONFLICT DO UPDATE. An attacker with CREATE TABLE privileges could use it to read arbitrary bytes from server memory. If the attacker also holds certain INSERT and limited UPDATE privileges on a particular table, they could exploit this to update other columns in the same table.
Recommendations
For versions prior to 10.5, update to version 10.5 or later.
For versions prior to 9.6.10, update to version 9.6.10 or later.
For versions prior to 9.5.14, update to version 9.5.14 or later.
For versions prior to 9.4.19, update to version 9.4.19 or later.
For versions prior to 9.3.24, update to version 9.3.24 or later.
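Two checks that follow from the description and recommendations above, written as an added example rather than taken from the advisory: the first reports whether the connected server's version falls below the fixed release for its branch, the second lists roles holding INSERT on a table together with UPDATE on only some of its columns, the privilege combination the description names. It assumes "limited UPDATE privileges" means a column-level grant and that the queries are run as a superuser, so the information_schema views show grants to every role.

```sql
-- Added example (not from the advisory). Run as a superuser with psql.
-- 1. Version check. server_version_num encodes 10.5 as 100005 and
--    9.6.10 as 90610, so each branch is compared against its fixed release.
WITH v AS (SELECT current_setting('server_version_num')::int AS n)
SELECT n AS server_version_num,
       CASE
         WHEN n >= 100000 AND n < 100005 THEN 'affected: upgrade to 10.5 or later'
         WHEN n >= 90600  AND n < 90610  THEN 'affected: upgrade to 9.6.10 or later'
         WHEN n >= 90500  AND n < 90514  THEN 'affected: upgrade to 9.5.14 or later'
         WHEN n >= 90400  AND n < 90419  THEN 'affected: upgrade to 9.4.19 or later'
         WHEN n < 90324                  THEN 'affected: upgrade to 9.3.24 or later'
         ELSE 'not affected by CVE-2018-10925'
       END AS status
FROM v;

-- 2. Exposure audit for the column-update variant: roles that can INSERT into
--    a table and UPDATE some of its columns but do not hold table-wide UPDATE.
--    information_schema repeats a table-wide grant once per column, so the
--    NOT EXISTS against role_table_grants keeps only column-level UPDATE grants.
SELECT cp.grantee,
       cp.table_schema,
       cp.table_name,
       string_agg(DISTINCT cp.column_name::text, ', '
                  ORDER BY cp.column_name::text) AS updatable_columns
FROM information_schema.column_privileges AS cp
JOIN information_schema.role_table_grants AS ins
  ON  ins.grantee        = cp.grantee
  AND ins.table_schema   = cp.table_schema
  AND ins.table_name     = cp.table_name
  AND ins.privilege_type = 'INSERT'
WHERE cp.privilege_type = 'UPDATE'
  AND NOT EXISTS (
        SELECT 1
        FROM information_schema.role_table_grants AS t
        WHERE t.grantee        = cp.grantee
          AND t.table_schema   = cp.table_schema
          AND t.table_name     = cp.table_name
          AND t.privilege_type = 'UPDATE')
GROUP BY cp.grantee, cp.table_schema, cp.table_name
ORDER BY cp.grantee, cp.table_schema, cp.table_name;
```

Rows returned by the second query are the tables where the described privilege combination exists; on an affected version they are the ones to review first, and on a patched version they remain a useful inventory of column-level grants.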
Fix
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Alt Linux
Postgresql
Suse
Ubuntu