CVE-2017-7484

Description

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 1.325

Associated Vulnerability

Vulnerability | OS Platform
Update PostgreSQL to 9.2.21 | Windows
Update PostgreSQL to 9.3.17 | Windows
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.6.3 | Windows
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.5.7 | Windows
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.4.12 | Windows
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.3.17 | Windows
Vulnerabilities CVE-2017-7486, CVE-2017-7484 are fixed in PostgreSQL 9.2.21 | Windows
postgresql-9.4 security update (DSA-3851-1) postgresql-9.4_9.4.12-0+deb8u1_i386.deb | Linux
Update PostgreSQL to 9.2.21 (For Linux) | Linux
Update PostgreSQL to 9.3.17 (For Linux) | Linux
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.6.3 (For Linux) | Linux
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.5.7 (For Linux) | Linux
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.4.12 (For Linux) | Linux
Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.3.17 (For Linux) | Linux
Vulnerabilities CVE-2017-7486, CVE-2017-7484 are fixed in PostgreSQL 9.2.21 (For Linux) | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234