PT-2018-2783 · Postgresql+3

Arseniy Sharoglazov · Published 2018-02-28 · Updated 2026-01-30 · CVE-2018-1058

CVSS v2.0

9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 9.3 through 10

Description

The issue is related to insufficient access control in the PostgreSQL database management system. It allows a remote attacker to elevate their privileges and execute arbitrary code. An attacker with a user account can exploit this flaw to execute code with superuser permissions in the database.

Recommendations

For versions 9.3 through 10, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of privilege escalation.

Fix

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1304
ALT-PU-2018-1305
ALT-PU-2018-1306
ALT-PU-2018-1307
ALT-PU-2018-1308
ALT-PU-2018-1309
BDU:2019-01829
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2018-1058
MGASA-2018-0446
OPENSUSE-SU-2024:11184-1
RHSA-2018:2511
RHSA-2018:2566
RHSA-2018:3816
SUSE-SU-2018:0755-1
SUSE-SU-2018:0756-1
SUSE-SU-2018:0876-1
SUSE-SU-2018_0755-1
SUSE-SU-2018_0756-1
SUSE-SU-2018_0876-1
USN-3589-1

Affected Products

Alt Linux
Postgresql
Suse
Ubuntu