CVE-2024-10979

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10979

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10979.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-10979

Aliases

BIT-postgresql-2024-10979

Downstream

ALPINE-CVE-2024-10979

BELL-CVE-2024-10979

DEBIAN-CVE-2024-10979

DLA-3954-1

DSA-5812-1

MINI-85xw-qcmq-j9rh

MINI-cxpm-cwp3-m6w2

MINI-x674-c4fr-r575

OESA-2024-2427

OESA-2024-2428

OESA-2024-2429

OESA-2024-2430

OESA-2024-2466

OESA-2024-2467

OESA-2024-2468

OESA-2024-2469

OESA-2025-1335

RHSA-2024:10593

RHSA-2024:10595

RHSA-2024:10677

RHSA-2024:10705

RHSA-2024:10736

RHSA-2024:10739

RHSA-2024:10750

RHSA-2024:10785

RHSA-2024:10787

RHSA-2024:10788

RHSA-2024:10789

RHSA-2024:10791

RHSA-2024:10800

RHSA-2024:10807

RHSA-2024:10827

RHSA-2024:10830

RHSA-2024:10831

RHSA-2024:10832

RHSA-2024:10846

RHSA-2024:10851

RHSA-2024:10879

RHSA-2024:10882

SUSE-SU-2024:4052-1

SUSE-SU-2024:4063-1

SUSE-SU-2024:4095-1

SUSE-SU-2024:4096-1

SUSE-SU-2024:4097-1

SUSE-SU-2024:4098-1

SUSE-SU-2024:4099-1

SUSE-SU-2024:4114-1

SUSE-SU-2024:4118-1

SUSE-SU-2024:4173-1

SUSE-SU-2024:4174-1

SUSE-SU-2024:4175-1

SUSE-SU-2024:4176-1

SUSE-SU-2025:01799-1

UBUNTU-CVE-2024-10979

USN-7132-1

USN-7358-1

openSUSE-SU-2024:14501-1

openSUSE-SU-2024:14502-1

openSUSE-SU-2024:14503-1

openSUSE-SU-2024:14504-1

openSUSE-SU-2024:14505-1

openSUSE-SU-2024:14506-1

Related

Published

2024-11-14T13:15:04Z

Modified

2025-08-09T20:01:27Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

References

Affected packages