CVE-2018-1058
Description
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
82.687
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update PostgressSQL to 9.3.22 | Windows |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 10.3 | Windows |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.6.8 | Windows |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.5.12 | Windows |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.4.17 | Windows |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.3.22 | Windows |
| Object-relational SQL database (USN-3479-1) postgresql-9.3_9.3.22-0ubuntu0.14.04_i386.deb | Linux |
| Object-relational SQL database (USN-3479-1) postgresql-9.3_9.3.22-0ubuntu0.14.04_amd64.deb | Linux |
| Object-relational SQL database (USN-3479-1) postgresql-9.5_9.5.12-0ubuntu0.16.04_i386.deb | Linux |
| Object-relational SQL database (USN-3479-1) postgresql-9.5_9.5.12-0ubuntu0.16.04_amd64.deb | Linux |
| Object-relational SQL database (USN-3479-1) postgresql-9.6_9.6.8-0ubuntu0.17.10_i386.deb | Linux |
| Object-relational SQL database (USN-3479-1) postgresql-9.6_9.6.8-0ubuntu0.17.10_amd64.deb | Linux |
| Object-relational SQL database (USN-3589-1) postgresql-9.3_9.3.22-0ubuntu0.14.04_i386.deb | Linux |
| Object-relational SQL database (USN-3589-1) postgresql-9.3_9.3.22-0ubuntu0.14.04_amd64.deb | Linux |
| Object-relational SQL database (USN-3589-1) postgresql-9.5_9.5.12-0ubuntu0.16.04_i386.deb | Linux |
| Object-relational SQL database (USN-3589-1) postgresql-9.5_9.5.12-0ubuntu0.16.04_amd64.deb | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) libecpg6-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) libpq5-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) libpq5-32bit-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) postgresql94-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) postgresql94-contrib-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) postgresql94-docs-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0755-1(SUSE Linux Enterprise Server 11-SP4 ) postgresql94-server-9.4.17-0.23.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libecpg6-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libecpg6-debuginfo-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpq5-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpq5-32bit-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpq5-debuginfo-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpq5-debuginfo-32bit-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql96-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql96-contrib-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql96-contrib-debuginfo-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql96-debuginfo-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql96-debugsource-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql96-docs-9.6.8-3.16.1.noarch.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql96-libs-debugsource-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql96-server-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0756-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql96-server-debuginfo-9.6.8-3.16.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql94-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql94-contrib-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql94-contrib-debuginfo-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql94-debuginfo-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Desktop 12-SP2 ) postgresql94-debugsource-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql94-docs-9.4.17-21.19.1.noarch.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql94-server-9.4.17-21.19.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0876-1(SUSE Linux Enterprise Server 12-SP2 ) postgresql94-server-debuginfo-9.4.17-21.19.1.x86_64.rpm | Linux |
| Update PostgressSQL to 9.3.22 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 10.3 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.6.8 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.5.12 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.4.17 (For Linux) | Linux |
| Vulnerabilities CVE-2018-1058 are fixed in PostgreSQL 9.3.22 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234