PT-2020-5313 · PostgreSQL +8

Andres Freund · Published 2020-08-12 · Updated 2026-01-30 · CVE-2020-14350

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 12.4
PostgreSQL versions prior to 11.9
PostgreSQL versions prior to 10.14
PostgreSQL versions prior to 9.6.19
PostgreSQL versions prior to 9.5.23

Description

The issue is related to PostgreSQL extensions not using the search path safely in their installation scripts. This could allow an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the installation or update of such an extension, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations

For versions prior to 12.4, update to version 12.4 or later.
For versions prior to 11.9, update to version 11.9 or later.
For versions prior to 10.14, update to version 10.14 or later.
For versions prior to 9.6.19, update to version 9.6.19 or later.
For versions prior to 9.5.23, update to version 9.5.23 or later.

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

ALSA-2020:5620
ALT-PU-2020-2535
ALT-PU-2020-2536
ALT-PU-2020-2537
ALT-PU-2020-2538
ALT-PU-2020-2539
ALT-PU-2020-2540
ALT-PU-2020-2602
ALT-PU-2020-2603
ALT-PU-2020-2604
ALT-PU-2020-2605
ALT-PU-2020-2606
ALT-PU-2020-2607
BDU:2021-00079
BIT-POSTGRESQL-2020-14350
CESA-2020_3669
CESA-2020_5619
CESA-2020_5620
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2020-14350
DLA-2331-1
GHSA-6V9V-3F4C-CJGX
MGASA-2020-0365
OPENSUSE-SU-2020:1227-1
OPENSUSE-SU-2020:1228-1
OPENSUSE-SU-2020:1243-1
OPENSUSE-SU-2020:1244-1
OPENSUSE-SU-2020:1312-1
OPENSUSE-SU-2020:1326-1
OPENSUSE-SU-2020_1227-1
OPENSUSE-SU-2020_1228-1
OPENSUSE-SU-2020_1243-1
OPENSUSE-SU-2020_1244-1
OPENSUSE-SU-2020_1312-1
OPENSUSE-SU-2020_1326-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
OPENSUSE-SU-2024:11186-1
RHSA-2020:3669
RHSA-2020:4295
RHSA-2020:5110
RHSA-2020:5112
RHSA-2020:5619
RHSA-2020:5620
RHSA-2020:5661
RHSA-2020:5664
RHSA-2020_3669
RHSA-2020_5619
RHSA-2020_5620
RHSA-2021:0163
RHSA-2021:0164
RHSA-2021:0166
RHSA-2021:0167
RHSA-2021:0988
RLSA-2020:5620
SUSE-SU-2020:2264-1
SUSE-SU-2020:2265-1
SUSE-SU-2020:2271-1
SUSE-SU-2020:2355-1
SUSE-SU-2020:3464-1
SUSE-SU-2020:3477-1
SUSE-SU-2020:3630-1
USN-4472-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
PostgreSQL
Red Hat
Rocky Linux
SUSE
Ubuntu