DEBIAN-CVE-2023-39418

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-39418

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-39418.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-39418

Upstream

CVE-2023-39418

Published

2023-08-11T13:15:09Z

Modified

2025-09-19T07:33:24.328432Z

Summary

[none]

Details

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

References

https://security-tracker.debian.org/tracker/CVE-2023-39418

Affected packages

Debian:12 / postgresql-15

Package

Name: postgresql-15
Purl: pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.5-0+deb12u1

Affected versions

15.*

15.3-0+deb12u1

15.3-1

15.4-0+deb12u1

15.4-1

15.4-2

15.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}