PT-2022-4131 · Unknown+11 · Postgresql+10

Sven Klemm · Published 2022-08-10 · Updated 2026-01-30 · CVE-2022-2625

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL (affected versions not specified)

Description

A vulnerability was found in PostgreSQL that allows an attacker to run arbitrary code as the victim role, which may be a superuser. The attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. The flaw is related to errors in the handling of CREATE OR REPLACE and CREATE IF NOT EXISTS commands in extensions, which can allow a remote attacker to elevate their privileges and replace arbitrary objects in the database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Prototype Pollution

Weakness Enumeration

Related Identifiers

ALSA-2022:7128
ALSA-2023:0113
ALSA-2023:1576
ALSA-2023:1693
ALT-PU-2022-2408
ALT-PU-2022-2409
ALT-PU-2022-2410
ALT-PU-2022-2411
ALT-PU-2022-2412
ALT-PU-2022-2413
ALT-PU-2022-2461
ALT-PU-2022-2462
ALT-PU-2022-2463
ALT-PU-2022-2464
ALT-PU-2022-2465
ALT-PU-2022-2466
ALT-PU-2022-2535
ALT-PU-2022-2536
ALT-PU-2022-2537
ALT-PU-2022-2538
ALT-PU-2023-1057
ALT-PU-2023-6628
ALT-PU-2023-6629
ALT-PU-2023-6630
ALT-PU-2023-6631
AZL-10595
BDU:2022-04971
BIT-POSTGRESQL-2022-2625
CESA-2022_7128
CESA-2023_0113
CESA-2023_1576
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2022-2625
DLA-3072-1
ECHO-03C5-B6E9-23CB
MGASA-2022-0313
OPENSUSE-SU-2022_2946-1
OPENSUSE-SU-2022_2987-1
OPENSUSE-SU-2022_2988-1
OPENSUSE-SU-2022_2989-1
OPENSUSE-SU-2024:12264-1
OPENSUSE-SU-2024:12265-1
OPENSUSE-SU-2024:12266-1
OPENSUSE-SU-2024:12267-1
OPENSUSE-SU-2024:12268-1
RHSA-2022:7128
RHSA-2022_7128
RHSA-2023:0113
RHSA-2023:0160
RHSA-2023:1576
RHSA-2023:1693
RHSA-2023:7545
RHSA-2023:7580
RHSA-2023:7667
RHSA-2023:7694
RHSA-2023:7695
RHSA-2023_0113
RHSA-2023_1576
RHSA-2023_1693
RLSA-2022:7128
RLSA-2023:0113
RLSA-2023:1576
SUSE-SU-2022:2893-1
SUSE-SU-2022:2912-1
SUSE-SU-2022:2914-1
SUSE-SU-2022:2946-1
SUSE-SU-2022:2958-1
SUSE-SU-2022:2987-1
SUSE-SU-2022:2988-1
SUSE-SU-2022:2989-1
SUSE-SU-2022:2989-2
SUSE-SU-2022:3193-1
SUSE-SU-2022:3269-1
SUSE-SU-2022_2912-1
SUSE-SU-2022_2914-1
SUSE-SU-2022_2946-1
SUSE-SU-2022_2987-1
SUSE-SU-2022_2988-1
SUSE-SU-2022_2989-1
SUSE-SU-2022_2989-2
SUSE-SU-2022_3193-1
SUSE-SU-2022_3269-1
USN-5571-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PostgreSQL
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu