CVE-2024-7348

Source
https://cve.org/CVERecord?id=CVE-2024-7348
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7348.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-7348
Aliases
Downstream
Related
Published
2024-08-08T13:15:14.007Z
Modified
2026-02-03T04:34:54.241565Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table after pg_dump has already recorded the object's relation kind, so that the SQL pg_dump later runs against that object executes the attacker's function. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. Note for operators (not part of the CVE text): the fix adds the server setting restrict_nonsystem_relation_kind, which a fixed pg_dump sets on the connection it dumps through, so the protection only holds when both the server and the pg_dump client are on a fixed release; check both.
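As an added check, not part of the OSV record or of the PostgreSQL project's own code: a POSIX shell function that classifies a PostgreSQL version string against the fixed releases listed above (12.20, 13.16, 14.13, 15.8, 16.4), accepting both the bare "16.3" form and the longer strings printed by SELECT version() and pg_dump --version. The function name and the --live wrapper are this example's own; the wrapper assumes pg_dump and psql are on PATH and that a connection is configured through the usual PG* environment variables.

```shell
#!/bin/sh
# Added example (not PostgreSQL project code): decide whether a PostgreSQL
# version string is at or past the fixed releases named in this record
# (12.20, 13.16, 14.13, 15.8, 16.4). Accepts bare "16.3" as well as the
# "PostgreSQL 16.3 (...)" / "pg_dump (PostgreSQL) 16.3" forms printed by
# SELECT version() and pg_dump --version. Function names are this example's own.

# cve_2024_7348_fixed VERSION_STRING
#   exit 0: fixed   exit 1: affected   exit 2: no parseable major.minor,
#   or a major release this record does not list (older than 12)
cve_2024_7348_fixed() {
    ver=""
    # Turn everything except digits and dots into spaces, then take the
    # first token that looks like major.minor (skips "1." from "1.pgdg").
    for tok in $(printf '%s' "$1" | tr -c '0-9.' ' '); do
        case "$tok" in
            [0-9]*.[0-9]*) ver="$tok"; break ;;
        esac
    done
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major" in
        12) min=20 ;;
        13) min=16 ;;
        14) min=13 ;;
        15) min=8 ;;
        16) min=4 ;;
        *)
            # 17+ shipped after the fix; anything older than 12 is EOL and
            # not covered by the record's version list.
            [ "$major" -ge 17 ] && return 0
            return 2 ;;
    esac
    [ "$minor" -ge "$min" ]
}

# Live check: both the pg_dump binary and the server it dumps must be on a
# fixed release, since the server-side setting is applied by the client.
# Run as:  sh check.sh --live   (connection taken from the PG* environment)
if [ "${1:-}" = "--live" ]; then
    for src in "pg_dump --version" "psql -X -t -A -c 'SELECT version()'"; do
        out=$(eval "$src" 2>/dev/null) || { echo "could not run: $src"; continue; }
        cve_2024_7348_fixed "$out" && rc=0 || rc=$?
        case $rc in
            0) echo "fixed:    $out" ;;
            1) echo "AFFECTED: $out" ;;
            *) echo "unknown:  $out" ;;
        esac
    done
fi
```

The function only compares the major.minor pair, which is all this record distinguishes on; a major release older than 12 is reported as unknown rather than affected because the record's version list starts at REL_12_0, even though such releases are out of support and should be treated as unpatched.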

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type
GIT
Repo
https://git.postgresql.org/git/postgresql.git
Events
Introduced
29be9983a64c011eac0b9ee29895cce71e15ea77
Fixed
0dc08bbfcc93ac4f04d2a3f4b9d1231a80e2cc0c
Introduced
c372fbbd8e911f2412b80a8c39d7079366565d67
Fixed
2caa85f4aae689e6f6721d7363b4c66a2a6417d6
Introduced
86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568c
Fixed
33965476b6ef6a37af2bc9bb1b5b2af17c35dc5e
Introduced
2a7ce2e2ce474504a707ec03e128fde66cfb8b48
Fixed
3cc5e51ab4507b33acc82684b7d79ac43b8a6b5d
Introduced
ad1f2885b8c82e0c2d56d7974f012cbecce17a17
Fixed
76265a851b13bbb001a218481c0cb6315c0fdfe6

Affected versions

Other
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_17
REL_12_18
REL_12_19
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_13
REL_13_14
REL_13_15
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_10
REL_14_11
REL_14_12
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4
REL_15_5
REL_15_6
REL_15_7
REL_16_0
REL_16_1
REL_16_2
REL_16_3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7348.json"