PT-2023-4422 · Unknown +11 · PostgreSQL +10

Christoph Berg +3 · Published 2023-08-01 · Updated 2026-04-03 · CVE-2023-39417

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PostgreSQL (affected versions not specified)

Description

The issue is related to a SQL injection vulnerability in PostgreSQL extensions that use specific constructs (@extowner@, @extschema@, or @extschema:...@) inside quoting constructs (dollar quoting, '', or ""). This vulnerability can allow a remote attacker to execute arbitrary SQL queries on the database. If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

ALSA-2023:7581
ALSA-2023:7714
ALSA-2023:7784
ALSA-2023:7785
ALSA-2023:7884
ALT-PU-2023-4805
ALT-PU-2023-4806
ALT-PU-2023-4807
ALT-PU-2023-4808
ALT-PU-2023-4809
ALT-PU-2023-4810
ALT-PU-2023-4813
ALT-PU-2023-4814
ALT-PU-2023-4815
ALT-PU-2023-4816
ALT-PU-2023-4817
ALT-PU-2023-4818
ALT-PU-2023-4972
ALT-PU-2023-4973
ALT-PU-2023-4974
ALT-PU-2023-5156
ALT-PU-2023-5157
ALT-PU-2023-5198
ALT-PU-2023-5633
ALT-PU-2023-5634
ALT-PU-2023-5635
ALT-PU-2023-5636
ALT-PU-2023-5637
ALT-PU-2023-6628
ALT-PU-2023-6629
ALT-PU-2023-6630
ALT-PU-2023-7081
ALT-PU-2023-7479
AZL-27892
BDU:2023-04767
BIT-POSTGRESQL-2023-39417
CESA-2023_7581
CESA-2023_7714
CESA-2023_7884
CVE-2023-39417
DLA-3600-1
DSA-5553-1
DSA-5554-1
ECHO-3BD5-11A7-75A6
JLSEC-2026-42
MGASA-2023-0261
OESA-2023-1567
OESA-2023-1568
OESA-2023-1576
OESA-2023-1577
OESA-2023-1578
OESA-2025-1335
OPENSUSE-SU-2023_3344-1
OPENSUSE-SU-2023_3347-1
OPENSUSE-SU-2023_3348-1
OPENSUSE-SU-2023_3384-1
OPENSUSE-SU-2024:13118-1
OPENSUSE-SU-2024:13119-1
OPENSUSE-SU-2024:13120-1
OPENSUSE-SU-2024:13134-1
OPENSUSE-SU-2024:13358-1
RHSA-2023:7545
RHSA-2023:7579
RHSA-2023:7580
RHSA-2023:7581
RHSA-2023:7616
RHSA-2023:7656
RHSA-2023:7666
RHSA-2023:7667
RHSA-2023:7694
RHSA-2023:7695
RHSA-2023:7714
RHSA-2023:7770
RHSA-2023:7772
RHSA-2023:7784
RHSA-2023:7785
RHSA-2023:7883
RHSA-2023:7884
RHSA-2023:7885
RHSA-2023_7581
RHSA-2023_7714
RHSA-2023_7784
RHSA-2023_7785
RHSA-2023_7884
RLSA-2023:7581
RLSA-2023:7714
RLSA-2023:7785
ROSA-SA-2024-2359
ROSA-SA-2024-2484
ROSA-SA-2024-2485
ROSA-SA-2024-2486
SUSE-SU-2023:3341-1
SUSE-SU-2023:3342-1
SUSE-SU-2023:3343-1
SUSE-SU-2023:3344-1
SUSE-SU-2023:3344-2
SUSE-SU-2023:3345-1
SUSE-SU-2023:3346-1
SUSE-SU-2023:3347-1
SUSE-SU-2023:3348-1
SUSE-SU-2023:3384-1
SUSE-SU-2023_3341-1
SUSE-SU-2023_3342-1
SUSE-SU-2023_3343-1
SUSE-SU-2023_3344-1
SUSE-SU-2023_3345-1
SUSE-SU-2023_3346-1
SUSE-SU-2023_3347-1
SUSE-SU-2023_3348-1
USN-6296-1
USN-6366-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PostgreSQL
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu